infrastructure for static sites on AWS
Provision and deploy static websites to AWS. Use Terraform to define reproducible infrastructure as code.
infrastructure-static is intended to be used as a git-subtree in a static site's repository:
git remote add -f infrastructure https://github.com/mwpeterson/infrastructure-static.git
git subtree add --prefix infrastructure infrastructure master --squash

git fetch infrastructure master
git subtree pull --prefix infrastructure infrastructure master --squash
From time to time, update the subtree to pull in changes, bugfixes, and new features from upstream.
You'll need an AWS account and security credentials.
brew install awscli
aws configure
You'll need Terraform installed.
brew install terraform
And each Terraform environment needs to be initialized to store remote state:
project='the unique name of this static project'
# && stops terraform init from running in the wrong directory if cd fails
(cd infrastructure/terraform/global && terraform init -backend-config "key=global")
(cd infrastructure/terraform/stage && terraform init -backend-config "key=$project/stage")
(cd infrastructure/terraform/prod && terraform init -backend-config "key=$project/prod")
ejson is used to encrypt secrets stored in Terraform's tfvars files.
brew install ejson
mkdir -p "$HOME/.ejson/keys"
export EJSON_KEYDIR="$HOME/.ejson/keys" # add to your ~/.bash_profile too!
cat infrastructure/.gitignore >> .gitignore
You'll need a terraform.tfvars.json file for each environment. They need to be encrypted with ejson. infrastructure-static expects to find prod.terraform.tfvars.ejson and stage.terraform.tfvars.ejson in the root of this static site project. Example unencrypted files can be found in infrastructure/terraform.
# copy each example file into the project root, dropping the -example suffix
for f in infrastructure/terraform/*-example; do g=${f##*/}; cp "$f" "${g%-example}"; done
# edit the copied prod and stage tfvars files (the *.tfvars.json files the next loop encrypts)
# encrypt in place, then rename; && keeps a file whose encryption failed from being renamed to .ejson
for f in *.tfvars.json; do ejson encrypt "$f" && mv "$f" "${f%.json}.ejson"; done
To build stage or prod:
environment=stage # or environment=prod
cd infrastructure/terraform/$environment
ejson decrypt terraform.tfvars.ejson > terraform.tfvars.json
terraform plan -out plan
# review the plan terraform will execute
terraform apply plan
If terraform prompts for variables, abort the operation and review the settings in terraform.tfvars.json and set whichever variables are missing.
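A file can carry the .ejson name and still hold plaintext, for instance when ejson encrypt fails or is skipped before the rename. The check below is an added example (Python, not part of infrastructure-static) that lists the string values in an .ejson document that are not in ejson's EJ[1:...] encrypted form; the sample documents and the variable names in them are constructed, and always checking list items is a conservative choice of this example.

```python
import json
import re

# ejson wraps each encrypted string as EJ[1:<ephemeral key>:<nonce>:<ciphertext>],
# with the three fields base64-encoded.
ENCRYPTED = re.compile(r"^EJ\[1:[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+\]$")


def plaintext_paths(node, path="", exempt=False):
    """Yield the JSON path of every string value that is not an ejson box.

    ejson leaves the value of a key that starts with "_" unencrypted (that is
    how _public_key stays readable), and the exemption does not carry into
    nested objects, so only a string directly under such a key is skipped.
    """
    if isinstance(node, dict):
        for key, value in node.items():
            yield from plaintext_paths(value, f"{path}.{key}" if path else key,
                                       exempt=key.startswith("_"))
    elif isinstance(node, list):
        # Conservative choice of this example: list items are always checked.
        for index, value in enumerate(node):
            yield from plaintext_paths(value, f"{path}[{index}]")
    elif isinstance(node, str) and not exempt and not ENCRYPTED.match(node):
        yield path


def audit(text):
    """Return sorted paths of unencrypted secrets in one .ejson document."""
    doc = json.loads(text)
    if not isinstance(doc, dict) or "_public_key" not in doc:
        raise ValueError("not an ejson document: missing _public_key")
    return sorted(plaintext_paths(doc))


# Constructed samples: the base64 fields are placeholders, not real ciphertext,
# and the variable names are hypothetical.
BOX = "EJ[1:cHVia2V5:bm9uY2U=:Y2lwaGVydGV4dA==]"
GOOD = json.dumps({"_public_key": "0" * 64, "domain_password": BOX,
                   "_region": "us-east-1", "ttl": 300})
BAD = json.dumps({"_public_key": "0" * 64, "github_token": "hunter2",
                  "_notes": {"owner": "ops"}, "keys": [BOX, "plain"]})

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(text))
```

Run audit() over the contents of prod.terraform.tfvars.ejson and stage.terraform.tfvars.ejson before committing; an empty list means every non-exempt string is an encrypted box.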
infrastructure-static configures AWS CodePipeline and CodeBuild to deploy changes pushed to develop to the stage environment and to deploy changes pushed to master to the prod environment. The CodePipeline will be triggered when the infrastructure is built, so that the latest version of the site will be deployed.
To contribute, please fork the repository and use a feature branch. Pull requests are warmly welcome.
- Automate ejson steps with a Makefile