Giters

mjeries / terraform-aws-open-next

Terraform Module for Open Next

Home Page:https://registry.terraform.io/modules/RJPearson94/open-next/aws/latest

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Open Next Terraform

This module deploys a next.js website using Open Next to AWS utilising lambda, S3 and CloudFront.

This module will build the corresponding resources to host the single-zone or multi-zone website; several options exist to deploy the backend. The options are:

  • Lambda function URLs (with no auth)
  • HTTP API Gateway (with proxy integrations to lambda functions)
  • Lambda@edge (server function only)

NOTE: If lambda@edge is used, then the warmer function is not deployed

The script to invalidate the CloudFront distribution uses bash, AWS CLI and jq. The invalidation script and Terraform apply will fail if the script fails to run.

To use ISR you need to use at least 2.x of Open Next. If you are using 1.x, please add the following to your Terraform/ Terragrunt configuration

...

isr = {
  create = false
}

...

The module is available in the Terraform registry

Examples

The examples have been moved to a separate repository to reduce the amount of code that Terraform downloads. You can find them at terraform-aws-open-next-examples repo

Module documentation

Below is the documentation for the Terraform module, outlining the providers, modules and resources required to deploy the website. The documentation includes the inputs that can be supplied (including any defaults) and what is outputted from the module.

NOTE: The module will zip all the necessary open-next artefacts as part of a Terraform deployment. To facilitate this, the .open-next folders need to be stored locally.

You must configure the AWS providers four times because some organisations use different accounts or roles for IAM, DNS, etc. The module has been designed to cater for these requirements. The server function is a separate provider to allow your backend resources to be deployed to a region, i.e. eu-west-1, and deploy the server function to another region, i.e. us-east-1, for lambda@edge.

Below is an example setup.

provider "aws" {
  
}

provider "aws" {
  alias = "server_function"
}

provider "aws" {
  alias = "iam"
}

provider "aws" {
  alias = "dns"
}

Requirements

Name Version
terraform >= 1.4.0
archive >= 2.3.0
aws >= 4.67.0

Providers

Name Version
archive >= 2.3.0
aws >= 4.67.0
aws.dns >= 4.67.0
terraform n/a

Modules

Name Source Version
image_optimisation_function ./modules/tf-aws-lambda n/a
revalidation_function ./modules/tf-aws-lambda n/a
server_function ./modules/tf-aws-lambda n/a
warmer_function ./modules/tf-aws-scheduled-lambda n/a

Resources

Name Type
aws_apigatewayv2_api.api resource
aws_apigatewayv2_deployment.deployment resource
aws_apigatewayv2_stage.stable resource
aws_cloudfront_cache_policy.cache_policy resource
aws_cloudfront_distribution.website_distribution resource
aws_cloudfront_function.x_forwarded_host resource
aws_cloudfront_origin_access_control.website_origin_access_control resource
aws_lambda_event_source_mapping.revalidation_queue_source resource
aws_lambda_permission.image_optimisation_function_permission resource
aws_lambda_permission.server_function_permission resource
aws_route53_record.route53_a_record resource
aws_route53_record.route53_aaaa_record resource
aws_s3_bucket.website_bucket resource
aws_s3_bucket_policy.website_bucket_policy resource
aws_s3_object.cache_asset resource
aws_s3_object.website_asset resource
aws_sqs_queue.revalidation_queue resource
terraform_data.invalidate_distribution resource
archive_file.image_optimization_function data source
archive_file.revalidation_function data source
archive_file.server_function data source
archive_file.warmer_function data source
aws_cloudfront_cache_policy.caching_optimized data source
aws_cloudfront_origin_request_policy.all_viewer_except_host_header data source
aws_region.current data source
aws_route53_zone.hosted_zone data source

Inputs

Name Description Type Default Required
cache_control_immutable_assets_regex Regex to set public,max-age=31536000,immutable on immutable resources string `"^.*(\.js \.css
cloudfront Configuration for the CloudFront distribution 
object({
    enabled                  = optional(bool, true)
    invalidate_on_change     = optional(bool, true)
    minimum_protocol_version = optional(string, "TLSv1.2_2021")
    ssl_support_method       = optional(string, "sni-only")
    http_version             = optional(string, "http2and3")
    ipv6_enabled             = optional(bool, true)
    price_class              = optional(string, "PriceClass_100")
    geo_restrictions = optional(object({
      type      = optional(string, "none"),
      locations = optional(list(string), [])
    }), {})
  })
 {} no
cloudwatch_log Override the Cloudwatch logs configuration 
object({
    retention_in_days = number
  })
 
{
  "retention_in_days": 7
}
 no
content_types The MIME type mapping and default for artefacts generated by Open Next 
object({
    mapping = optional(map(string), {
      "svg" = "image/svg+xml",
      "js"  = "application/javascript",
      "css" = "text/css",
    })
    default = optional(string, "binary/octet-stream")
  })
 {} no
domain Configuration to for attaching a custom domain to the CloudFront distribution 
object({
    create                 = optional(bool, false)
    hosted_zone_name       = optional(string),
    name                   = optional(string),
    alternate_names        = optional(list(string), [])
    acm_certificate_arn    = optional(string),
    evaluate_target_health = optional(bool, false)
  })
 {} no
iam Override the default IAM configuration 
object({
    path                 = optional(string, "/")
    permissions_boundary = optional(string)
  })
 {} no
image_optimisation_function Configuration for the image optimisation function 
object({
    runtime     = optional(string, "nodejs18.x")
    deployment  = optional(string, "REGIONAL_LAMBDA")
    timeout     = optional(number, 25)
    memory_size = optional(number, 1536)
    additional_environment_variables = optional(map(string), {})
    additional_iam_policies = optional(list(object({
      name = string,
      arn  = optional(string)
      policy = optional(string)
    })), [])
    vpc = optional(object({
      security_group_ids = list(string),
      subnet_ids         = list(string)
    }))
  })
 {} no
isr Configuration for ISR, including creation and function config. To use ISR you need to use at least 2.x of Open Next, for 1.x please set create to false 
object({
    create = bool
    revalidation_function = optional(object({
      runtime     = optional(string, "nodejs18.x")
      deployment  = optional(string, "REGIONAL_LAMBDA")
      timeout     = optional(number, 30)
      memory_size = optional(number, 128)
      additional_environment_variables = optional(map(string), {})
      additional_iam_policies = optional(list(object({
        name = string,
        arn  = optional(string)
        policy = optional(string)
      })), [])
      vpc = optional(object({
        security_group_ids = list(string),
        subnet_ids         = list(string)
      }))
    }), {})
  })
 
{
  "create": true
}
 no
open_next The next.js website config for single and multi-zone deployments 
object({
    exclusion_regex  = optional(string)
    root_folder_path = string
    additional_zones = optional(list(object({
      name        = string
      http_path   = string
      folder_path = string
    })), [])
  })
 n/a yes
preferred_architecture Preferred instruction set architecture for the lambda function. If lambda@edge is used for the server function, the architecture will be set to x86_64 for that function string "arm64" no
prefix A prefix which will be attached to the resource name to ensure resources are random string null no
server_function Configuration for the server function 
object({
    runtime     = optional(string, "nodejs18.x")
    deployment  = optional(string, "REGIONAL_LAMBDA")
    timeout     = optional(number, 10)
    memory_size = optional(number, 1024)
    additional_environment_variables = optional(map(string), {})
    additional_iam_policies = optional(list(object({
      name = string,
      arn  = optional(string)
      policy = optional(string)
    })), [])
    vpc = optional(object({
      security_group_ids = list(string),
      subnet_ids         = list(string)
    }))
  })
 {} no
suffix A suffix which will be attached to the resource name to ensure resources are random string null no
vpc The default VPC configuration for the lambda resources. This can be overridden for each function 
object({
    security_group_ids = list(string),
    subnet_ids         = list(string)
  })
 null no
warmer_function Configuration for the warmer function 
object({
    create      = bool
    runtime     = optional(string, "nodejs18.x")
    concurrency = optional(number, 20)
    timeout     = optional(number, 15 * 60) // 15 minutes
    memory_size = optional(number, 1024)
    schedule    = optional(string, "rate(5 minutes)")
    additional_environment_variables = optional(map(string), {})
    additional_iam_policies = optional(list(object({
      name = string,
      arn  = optional(string)
      policy = optional(string)
    })), [])
    vpc = optional(object({
      security_group_ids = list(string),
      subnet_ids         = list(string)
    }))
  })
 
{
  "create": false
}
 no

Outputs

Name Description
cloudfront_url The URL for the cloudfront distribution
domain_names The custom domain names attached to the cloudfront distribution

About

Terraform Module for Open Next

https://registry.terraform.io/modules/RJPearson94/open-next/aws/latest

Languages

Language:HCL 98.9%Language:Shell 1.1%