Infra Foundation Terraform catalog

AWS infrastructure for static site — Terraform blueprint

This catalog item mirrors the terraform-aws-s3-static-site layout: bootstrap remote state prerequisites, discrete live/staging and live/prod roots, reusable modules behind a private Amazon S3 origin, Amazon CloudFront with Origin Access Control, and ACM TLS in us-east-1 for CDN aliases—plus scripted s3 sync and invalidation helpers wired for CI.

Architecture overview: AWS static-site infrastructure with CloudFront

Infra-first static hosting

Terraform creates and wires the CDN and origin—you supply built HTML/CSS/JS (or automate builds separately). Bucket policies keep the origin private while CloudFront fetches objects through OAC permissions.

Separate state keys isolate staging from production workloads, which supports the predictable promotion path and Git-driven automation outlined in the upstream documentation.

What is included

Infrastructure primitives
  • Origin bucket hardened for CDN-only reads
  • CloudFront distributions with HTTPS via ACM
  • Optional Route 53 records when you control the hosted zone inside AWS
  • Optional IAM GitHub Actions roles for scripted deploy workflows
Operational tooling
  • Shell helpers for bucket sync from your site/ directory structure
  • CloudFront invalidation helper after uploads
  • Documented staging → production promotion path
Repositories and examples
  • Modular codebase under terraform-aws-s3-static-site including orchestration snippets
  • README walkthrough covering bootstrap vs live stacks
What Terraform does not do
  • Static objects are intentionally outside Terraform: you sync assets after the infrastructure apply, in line with the README

Repository overview

terraform-aws-s3-static-site splits bootstrap (local-state prerequisites) from environment-specific live stacks and pairs them with scripted operations for content refresh.

terraform-aws-s3-static-site/
├── static-web/
│   ├── bootstrap/
│   ├── live/staging/
│   ├── live/prod/
│   ├── scripts/deploy.sh
│   └── scripts/invalidate.sh
├── modules/
├── orchestration/
└── README.md

Frequently asked questions

Does this replace my SPA build toolchain?

No. The blueprint provisions the hosting edge and origin buckets; you run your npm/Vite/webpack build externally, sync the output to S3, and invalidate CDN paths as documented.

Can DNS live outside Route 53?

Yes. When route53_zone_id is unset, you paste the ACM DNS validation records wherever your apex DNS is delegated, following the README flow.

What happens after checkout?

You receive secure product delivery links and, when a GitHub username is provided, private repository access for the purchased product.