Working With Terraform Modules for AWS
By Morgan Lucas
This is a post intended for this site, as a way to get a feel of using it consistently. Older posts are here.
Terraform (now OpenTofu) for AWS is somewhat clearer than Terraform for Azure - easier to grasp than YAML and it's finicky formatting.
After pushing some DevOps Terraform (TF) configurations live to AWS, I wondered if I could push a static webpage.
Situation - Why Would You Use This?
To quickly spin up the front-end for a simple webpage that might take user input after attaching it to back end services that accept and hold the data.
What Other Options Are There?
I've documented hosting static webpages through Azure before on here through various methods - The process is somewhat intensive and relies strongly on interconnected systems. I personally used;
GitHub to host the code
Another option would be using Netlify, but that works best for truly single-page apps like this. It looks like it has different pages to the untrained eye, but it's only one.
How It's Done
Here, the simple webpage is hosted from a bucket. There's an index and error page.
A curious aspect is the website sub-resource-category;
website {
index_document = "index.html"
error_document = "error.html"
}
I couldn't find a CSS option in the documentation - So put your CSS inline, or have a very plain webpage!
The Modules Part
You don't need to have separate folders, one to actually push the files to an s3 instance, but it makes it easier.
The module parts are the ones I had the most trouble wrapping my head around - it wants to link to a folder system, not an individual file.
So I made a modules directory with folders for specific modules - static-site and webserver, from a tutorial listed below, to get a better grasp on things.
And, everything did work once I got the file paths idea hammered in.
How To Host
Several ways; Mostly using CloudFront.
I decided to use the website endpoint as the origin with public access. Some things are already in the configuration file, the acl access option under the bucket.
The CNAME and DNS resolution could be helpful if the page content changes but the URL doesn't, think the Stash Stock Parties - They require, not counting login - about 2 pages.
Let's compare this implementation plan to one of the AWS Five Pillars -
AWS WAF Operational Excellence
Operational Checklist -
Am I ready to run this workload?
Is my account attached to my VS Code?
Do I have the appropriate keys to log into EC2 Instances?
Are my modules folders properly placed?
Do I have the 0.40$ USD to test this config?
Planning Checklist - For paid projects, it's:
When is this expected?
What tools does the company have that I can use right now to make this more efficient?
Can I get feedback in a timely (3-day turnaround) manner?
Implementation is more of the following:
"This is the closest we can get with the built in tools available, but I see from some research, in the future, X Company is creating a tool that will enable us to do Y. We can set aside some budget of both time and money to implement this in a few months."
Needs Improvement
I do wish it was a little easier to add new pages in a blog post fashion, but I admit that may compromise the ability to customize and relative freedom. I can move this box over here and put an image to the right; It would look haphazard on my Blogger theme.
I can just duplicate the page and adjust it to my leisure with each new blog post.
The ability to import all my blog posts to my site would be nice, but that's not really what this site is intended for. Which is fine.
My only issue is maybe navigation; a list of blog posts in the header is going to look ugly if I continue to use this as a blog HQ. I can add blog posts as a subpage and then add them as a module to the home page as a work around.
Check Your Module File
Situation - Why was I getting a loop when I tried to terraform init?
The 'Why' - Because I had two module codes - one in the modules/budget/main.tf, and one in the main file. It was a loop calling something that already existed.
Solution - Comment out the one in the main file with a note - so it only pulls from one.
Thanks to - Craig Samuelson and Brian Mccall on Twitter.
Security Checklist
What is the intended access to this element?
Who do I want to reach it?
Are there any holes in my policies or configurations that can grant unwanted access?
How can I secure this the best way for my needs? Sometimes, in testing, a block/allow list will suffice, other times, you need more.
Resources Used
https://www.youtube.com/watch?v=QKyNIdK1RYw
https://www.youtube.com/watch?v=7jnuTdhxjhw&
https://registry.terraform.io/modules/cloudmaniac/static-website/aws/latest