add dependent module

Author: marcoieni

terragrunt/accounts/legacy/rustc-ci-prod/.terraform.lock.hcl

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     github = {
       source  = "integrations/github"
-      version = "~> 6.2.3"
+      version = "~> 6.2"
     }
   }
 }

terragrunt/modules/gha-iam-user/main.tf

@@ -1,6 +1,4 @@
 locals {
-  bucket_name = "rust-lang-ci2"
-
   rustc_builds     = "rustc-builds"
   rustc_builds_alt = "rustc-builds-alt"
   iam_prefix = "rustc-ci--rust-lang--rust"
@@ -49,11 +47,11 @@ locals {
 import {
   to = aws_s3_bucket.artifacts
   # id retrieved with `terraform state show`.
-  id = local.bucket_name
+  id = "rust-lang-ci2"
 }
 
 resource "aws_s3_bucket" "artifacts" {
-  bucket = local.bucket_name
+  bucket = "rust-lang-ci2"
 
 }
 
@@ -128,14 +126,14 @@ resource "aws_s3_bucket_acl" "artifacts" {
 }
 
 module "artifacts_cdn" {
-  source = "../../shared/modules/static-website"
+  source = "../static-website"
   providers = {
     aws = aws.east1
   }
 
   domain_name        = "ci-artifacts.rust-lang.org"
   origin_domain_name = aws_s3_bucket.artifacts.bucket_regional_domain_name
-  response_policy_id = var.response_policy_id
+  response_policy_id = data.terraform_remote_state.shared.outputs.mdbook_response_policy
 }
 
 data "aws_s3_bucket" "inventories" {

terragrunt/modules/rustc-ci/artifacts.tf

@@ -0,0 +1,99 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.64"
+    }
+  }
+}
+
+module "certificate" {
+  source = "../acm-certificate"
+  legacy = true
+
+  domains = [
+    var.domain_name,
+  ]
+}
+
+data "aws_cloudfront_cache_policy" "cache" {
+  name = "Managed-CachingOptimized"
+}
+
+resource "aws_cloudfront_distribution" "website" {
+  comment = "static website ${var.domain_name}"
+
+  enabled             = true
+  wait_for_deployment = false
+  is_ipv6_enabled     = true
+  default_root_object = "index.html"
+  price_class         = "PriceClass_All"
+  http_version        = "http2and3"
+
+  aliases = [var.domain_name]
+  viewer_certificate {
+    acm_certificate_arn      = module.certificate.arn
+    minimum_protocol_version = "TLSv1.2_2021"
+    ssl_support_method       = "sni-only"
+  }
+
+  default_cache_behavior {
+    target_origin_id       = "main"
+    allowed_methods        = ["GET", "HEAD"]
+    cached_methods         = ["GET", "HEAD"]
+    compress               = true
+    viewer_protocol_policy = "redirect-to-https"
+
+    cache_policy_id            = data.aws_cloudfront_cache_policy.cache.id
+    response_headers_policy_id = var.response_policy_id
+  }
+
+  dynamic "origin" {
+    for_each = var.origin_access_identity == null ? toset([true]) : toset([])
+    content {
+      origin_id   = "main"
+      domain_name = var.origin_domain_name
+      origin_path = var.origin_path
+      custom_origin_config {
+        http_port              = 80
+        https_port             = 443
+        origin_ssl_protocols   = ["TLSv1.2"]
+        origin_protocol_policy = "https-only"
+      }
+    }
+  }
+  dynamic "origin" {
+    for_each = var.origin_access_identity != null ? toset([true]) : toset([])
+    content {
+      origin_id   = "main"
+      domain_name = var.origin_domain_name
+
+      s3_origin_config {
+        origin_access_identity = var.origin_access_identity
+      }
+    }
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+}
+
+data "aws_route53_zone" "zone" {
+  // Convert foo.bar.baz into bar.baz
+  name = join(".", reverse(slice(reverse(split(".", var.domain_name)), 0, 2)))
+}
+
+resource "aws_route53_record" "website" {
+  zone_id = data.aws_route53_zone.zone.id
+  name    = var.domain_name
+  type    = "CNAME"
+  ttl     = 300
+  records = [aws_cloudfront_distribution.website.domain_name]
+}
+
+output "distribution_arn" {
+  value = aws_cloudfront_distribution.website.arn
+}

terragrunt/modules/static-website/main.tf

@@ -0,0 +1,26 @@
+variable "domain_name" {
+  type        = string
+  description = "Domain name of the CloudFront distribution"
+}
+
+variable "origin_domain_name" {
+  type        = string
+  description = "Domain name of the origin"
+}
+
+variable "origin_path" {
+  type        = string
+  default     = null
+  description = "Root path in the origin"
+}
+
+variable "origin_access_identity" {
+  type        = string
+  default     = null
+  description = "Origin Access Identity to use to fetch contents from S3"
+}
+
+variable "response_policy_id" {
+  type        = string
+  description = "CloudFront response headers policy ID"
+}