Closed mmeloni closed 5 years ago
I'm seeing strange behaviour: a password is prompted, but I can still access my files when I enter a wrong password.
# Reproduction config from the report: an S3 + CloudFront static site with
# basic-auth enforced by a Lambda@Edge function (module "lambda" below).

# Remote state lives in S3.
# NOTE(review): state can hold sensitive values; no `encrypt` argument is set
# here, so confirm the state bucket is private and encrypted at rest.
terraform {
  backend "s3" {
    bucket = "***"
    key = "terraform/terraform.tfstate"
    region = "eu-west-1"
  }
}

# AWS Region for S3 and other resources
provider "aws" {
  region = "eu-west-1"
  alias = "main"
}

# AWS Region for Cloudfront (ACM certs only supports us-east-1)
provider "aws" {
  region = "us-east-1"
  alias = "cloudfront"
}

# Variables
variable "fqdn" {
  description = "The fully-qualified domain name of the resulting S3 website."
  default = "*****"
}

variable "domain" {
  description = "The domain name / ."
  default = "***"
}

# Allowed IPs that can directly access the S3 bucket
# NOTE(review): entries here presumably bypass CloudFront, and with it the
# Lambda@Edge auth check; keep the list as small as possible and confirm
# against the module's bucket policy.
variable "allowed_ips" {
  type = "list"
  default = [
    "10.0.0.0/32"
  ]
}

# Using this module
# NOTE(review): `source` carries no `?ref=`, so each `terraform get -update`
# follows the repository's default branch. Pin it, e.g.
# "...terraform-aws-s3-cloudfront-website?ref=<TAG_OR_COMMIT>".
module "main" {
  source = "github.com/riboseinc/terraform-aws-s3-cloudfront-website"
  fqdn = "${var.fqdn}"
  ssl_certificate_arn = "${aws_acm_certificate_validation.cert.certificate_arn}"
  allowed_ips = "${var.allowed_ips}"
  index_document = "index.html"
  error_document = "404.html"
  # NOTE(review): this value is a hash of a literal string plus var.fqdn, both
  # readable in this file, so anyone who can read the config can recompute it.
  # If the module uses it as a shared secret between CloudFront and the bucket
  # (confirm), supply it from a secret store or a random value instead.
  refer_secret = "${base64sha512("REFER-SECRET-19265125-${var.fqdn}-52865926")}"
  # NOTE(review): presumably forwarded to the bucket; if so, `terraform destroy`
  # deletes the bucket together with its contents. Confirm before production use.
  force_destroy = "true"
  # Hand both aliased providers to the module under the same names.
  providers {
    "aws.main" = "aws.main"
    "aws.cloudfront" = "aws.cloudfront"
  }
  # Optional WAF Web ACL ID, defaults to none.
  #web_acl_id = "${data.terraform_remote_state.site.waf-web-acl-id}"
  ### only used with module "lambda" below ###
  # These two settings attach the auth function to the distribution; the ARN is
  # joined with an explicit version from module "lambda".
  lambda_edge_enabled = "true"
  lambda_edge_arn_version = "${module.lambda.arn}:${module.lambda.version}"
}

### integrate with module terraform-aws-s3-cloudfront-website to support basic-auth
### Remember that the Lambda must be in the same region as CloudFront: us-east-1
### (see the "aws.cloudfront" provider above), not us-west-1.
# NOTE(review): no `providers` map is passed to this module and both provider
# blocks above are aliased, so the region it deploys to is not set by this
# file; confirm it ends up in us-east-1.
# NOTE(review): `source` is unpinned. The thread under this report says the
# wrong-password acceptance was fixed on master in ab0f2e8; pin with
# `?ref=<TAG_OR_COMMIT>` to a revision that contains that fix, and after apply
# check that a request with bad credentials is rejected.
module "lambda" {
  source = "git::https://github.com/riboseinc/terraform-aws-lambda-edge-authentication"
  # to define blacklist/whitelist, see https://github.com/riboseinc/terraform-aws-lambda-edge-authentication/blob/master/README.adoc
  # presumably the bucket/key the function reads its auth config from; if it
  # holds credentials, the bucket must not be publicly readable (verify).
  bucketName = "****.htaccess"
  bucketKey = "config.json"
  cookieDomain = "*****"
}

# ACM Certificate generation
# Requested through the us-east-1 provider and validated via DNS.
resource "aws_acm_certificate" "cert" {
  provider = "aws.cloudfront"
  domain_name = "${var.fqdn}"
  validation_method = "DNS"
}

# DNS record that proves control of the domain to ACM; only the first
# domain_validation_options entry is used.
resource "aws_route53_record" "cert_validation" {
  provider = "aws.cloudfront"
  name = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_name}"
  type = "${aws_acm_certificate.cert.domain_validation_options.0.resource_record_type}"
  zone_id = "${data.aws_route53_zone.main.id}"
  records = ["${aws_acm_certificate.cert.domain_validation_options.0.resource_record_value}"]
  ttl = 60
}

# Ties the certificate to its validation record; module "main" reads the
# certificate ARN from this resource.
resource "aws_acm_certificate_validation" "cert" {
  provider = "aws.cloudfront"
  certificate_arn = "${aws_acm_certificate.cert.arn}"
  validation_record_fqdns = ["${aws_route53_record.cert_validation.fqdn}"]
}

# Route 53 record for the static site
# Looks up the existing public hosted zone for var.domain.
data "aws_route53_zone" "main" {
  provider = "aws.main"
  name = "${var.domain}"
  private_zone = false
}

# Alias A record pointing the site's FQDN at the CloudFront distribution.
resource "aws_route53_record" "web" {
  provider = "aws.main"
  zone_id = "${data.aws_route53_zone.main.zone_id}"
  name = "${var.fqdn}"
  type = "A"
  alias {
    name = "${module.main.cf_domain_name}"
    zone_id = "${module.main.cf_hosted_zone_id}"
    evaluate_target_health = false
  }
}

# Outputs
# Identifiers re-exported from module "main" and from the resources above.
output "s3_bucket_id" {
  value = "${module.main.s3_bucket_id}"
}

output "s3_domain" {
  value = "${module.main.s3_website_endpoint}"
}

output "s3_hosted_zone_id" {
  value = "${module.main.s3_hosted_zone_id}"
}

output "cloudfront_domain" {
  value = "${module.main.cf_domain_name}"
}

output "cloudfront_hosted_zone_id" {
  value = "${module.main.cf_hosted_zone_id}"
}

output "cloudfront_distribution_id" {
  value = "${module.main.cf_distribution_id}"
}

output "route53_fqdn" {
  value = "${aws_route53_record.web.fqdn}"
}

output "acm_certificate_arn" {
  value = "${aws_acm_certificate_validation.cert.certificate_arn}"
}
@mmeloni thank you for the report!
@phuonghuynh could you help verify this problem? Thanks!
@mmeloni @ronaldtse this is fixed in ab0f2e8 on the master branch.
I'm seeing strange behaviour: a password is prompted, but I can still access my files when I enter a wrong password.