88 lines
2.2 KiB
TypeScript
88 lines
2.2 KiB
TypeScript
import * as pulumi from "@pulumi/pulumi";
|
|
import * as aws from "@pulumi/aws";
|
|
|
|
import * as fg from "fast-glob";
|
|
import * as fs from "fs/promises";
|
|
import mime from "mime";
|
|
|
|
import * as common from "./common";
|
|
import * as backend from "./backend";
|
|
|
|
const tags = common.tags;
|
|
const prefix = `${common.prefix}-frontend`;
|
|
|
|
// ---- bucket ----
|
|
export const bucket = new aws.s3.Bucket(`${prefix}-bucket`, {tags});
|
|
|
|
// ---- OAI ----
|
|
const oai = new aws.cloudfront.OriginAccessIdentity(`${prefix}-oai`);
|
|
new aws.s3.BucketPolicy(`${prefix}-bucket-policy`, {
|
|
bucket: bucket.bucket,
|
|
policy: pulumi.all([oai.iamArn, bucket.arn]).apply(([a, b]) => JSON.stringify({
|
|
Version: "2012-10-17",
|
|
Statement: [{
|
|
Effect: "Allow",
|
|
Principal: {
|
|
AWS: a,
|
|
},
|
|
Action: ["s3:GetObject"],
|
|
Resource: [`${b}/*`],
|
|
}],
|
|
})),
|
|
});
|
|
|
|
|
|
// ---- cloudfront ----
|
|
export const cloudfront = new aws.cloudfront.Distribution(`${prefix}-cloudfront`, {
|
|
tags,
|
|
origins: [{
|
|
domainName: bucket.bucketRegionalDomainName,
|
|
originId: bucket.arn,
|
|
s3OriginConfig: {
|
|
originAccessIdentity: oai.cloudfrontAccessIdentityPath,
|
|
},
|
|
}],
|
|
enabled: true,
|
|
defaultRootObject: "index.html",
|
|
defaultCacheBehavior: {
|
|
targetOriginId: bucket.arn,
|
|
viewerProtocolPolicy: "redirect-to-https",
|
|
allowedMethods: ["GET", "HEAD", "OPTIONS"],
|
|
cachedMethods: ["GET", "HEAD", "OPTIONS"],
|
|
forwardedValues: {
|
|
queryString: false,
|
|
cookies: { forward: "none" },
|
|
},
|
|
},
|
|
customErrorResponses: [
|
|
{
|
|
errorCode: 403,
|
|
responseCode: 200,
|
|
responsePagePath: "/index.html",
|
|
},
|
|
{
|
|
errorCode: 404,
|
|
responseCode: 200,
|
|
responsePagePath: "/index.html",
|
|
},
|
|
],
|
|
priceClass: "PriceClass_100",
|
|
restrictions: {
|
|
geoRestriction: {
|
|
restrictionType: "none",
|
|
},
|
|
},
|
|
viewerCertificate: {
|
|
cloudfrontDefaultCertificate: true,
|
|
},
|
|
});
|
|
|
|
|
|
// ---- cognito domain ----
|
|
const userPoolDomain = new aws.cognito.UserPoolDomain(`${prefix}-userpool-domain`, {
|
|
domain: "imbusy-auth",
|
|
userPoolId: backend.userPool.id,
|
|
});
|
|
export const userPoolUrl =
|
|
pulumi.interpolate`https://${userPoolDomain.domain}.auth.${aws.config.region}.amazoncognito.com`;
|