professional-service/examples/cdn-s3-static-website
2026-07-01 13:40:32 +02:00
..
files example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00
.terraform.lock.hcl example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00
010-provider.tf example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00
020-variables.tf example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00
030-object-storage.tf example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00
040-bucket-setup.tf example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00
050-cdn.tf example(cdn): remove redirect option 2026-06-23 16:23:34 +02:00
060-outputs.tf example(cdn): remove redirect option 2026-06-23 16:23:34 +02:00
MAINTAINERS.md example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00
README.md example(cdn): remove redirect option 2026-06-23 16:23:34 +02:00
stackit.docs.yaml hackathon: work on idea 2026-07-01 13:40:32 +02:00
terraform.tfvars.example example(cdn): add example on how to use cdn with s3 2026-06-23 15:05:43 +02:00

Static Website on STACKIT CDN with S3 Backend

A reference implementation showing how to deploy a static website using STACKIT CDN with STACKIT Object Storage as the origin.


Architecture

flowchart LR
  U(User) -->|HTTPS request| Edge(CDN Edge)
  Edge --> B(Bucket)
  Edge -->|cached response| U

  subgraph WAF
    Edge
  end

Prerequisites

  • Terraform >= 1.5
  • A STACKIT project
  • A STACKIT service account with sufficient permissions
  • A STACKIT service account JSON key file

Setup

Copy terraform.tfvars.example to terraform.tfvars and fill in your values, then run:

terraform init
terraform apply

After apply, visit the output domain:

bucket_name = "firm-dassie"
cdn_distribution_id = "xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx"
cdn_managed_domain = "https://xxxxxxx.cdn.onstackit.cloud"
cdn_status = "ACTIVE"

Configuration

Variables

Variable Description Default
stackit_project_id STACKIT project ID
stackit_service_account_key_path Path to SA key JSON
stackit_region STACKIT region eu01
cdn_enabled_regions CDN regions: EU, US, ASIA, AF, SA ["EU"]
cdn_blocked_countries ISO 3166-1 alpha-2 codes to block []

Verify WAF

WAF

The example enables the WAF in ENABLED mode with @builtin/crs/request rules, restricting accepted methods to GET and HEAD.

URL=$(terraform output -raw cdn_managed_domain)

# GET request — allowed (200)
curl -sI "${URL}/"

# POST request — blocked by WAF (403)
curl -sI -X POST "${URL}/"

# HEAD request — allowed (200)
curl -sI --head "${URL}/"

If the WAF blocks the POST request correctly, you'll see a 403 Forbidden response. If you see 200 OK, the WAF is either not yet active or misconfigured.


Cleanup

terraform destroy

References