commit 630edb556e81e62b3fd230f5f28a5cec4474ec65
Author: Mauritz Uphoff <mauritz.uphoff@stackit.cloud>
Date:   Wed Aug 6 10:23:37 2025 +0200

    Initial commit

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c8c13bb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.idea
+terraform.*
+terraform.tfstate
+terraform.tfstate.backup
+keys/*
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..7a58e66
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,67 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "6.7.0"
+  hashes = [
+    "h1:vISrEI1xUh0w7NXTQ9m6ZEnQ1dv02yy+EJvxW78DAoI=",
+    "zh:3c0a256f813e5e2c1e1aa137204ad9168ebe487f6cee874af9e9c78eb300568e",
+    "zh:3c49dd75ea28395b29ba259988826b956c8adf6c0b59dd8874feb4f47bad976a",
+    "zh:3e6e3e3bfc6594f4f9e2c017ee588c5fcad394b87dd0b68a3f37cd66001f3c8c",
+    "zh:3f9b55826eeebf9b2ed448fc111d772c703e1edc6678e1bb646e66f3c3f9308f",
+    "zh:44e4ced936045ddc42d22c653a6427e7eb2b7aee918dff8438da0cb40996beb4",
+    "zh:474ab4d63918f41e8ea1cef43aeb1c719629dbf289db175c95de1431a8853ae7",
+    "zh:71b9e1d82c5ccc8d9bf72b3712c2b90722fc1f35a0f0f7a9557b9ee01971e6e2",
+    "zh:7723256d6ccc55f4000d1df8db202b02b30a7d917f5d31624c717e14ba15ea95",
+    "zh:82174836faa830aff0e47ea61d4cfbb5c97e1e944b1978f1d933acd37f584c88",
+    "zh:8e62fdc10206ba7232eec991e5a387378f2fbe47cc717b7f60eeb1df2c974514",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:be24dd2d53b224d7098e75ca432746e3420ce071189eea100aa8cbcd2498d389",
+    "zh:d27651d0e458933127ddca35a833e1a0f0ff0c131391288b3239763a2fd8f96f",
+    "zh:d33c181fff1b96bf8366e6c3d92408370b21649291e8f4d1f7e9a3fbb920fc9d",
+    "zh:edc0a0a84f85036c6d3df29d09557bd43206d9ee57b10542b484050f0f34d242",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+  version     = "3.6.2"
+  constraints = "3.6.2"
+  hashes = [
+    "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=",
+    "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
+    "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
+    "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
+    "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
+    "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
+    "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
+    "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
+    "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
+    "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
+    "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
+  ]
+}
+
+provider "registry.terraform.io/stackitcloud/stackit" {
+  version     = "0.58.2"
+  constraints = "0.58.2"
+  hashes = [
+    "h1:h6MMVqF2oyukqqDSHo4i4N0n+oZoTlVOV457ZzdyxfQ=",
+    "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f",
+    "zh:13138dde5d37d481b75a94069b73230d2b788dfca21d2b55d85d617775b815d7",
+    "zh:13a7bb2148453780152223dbeaa084d6f80324a80882553c5f5796e0bbe8a25f",
+    "zh:1e40183a0562e8045ea65543d496309f512e92d946dd8a8cf63ae7cb2b0e3980",
+    "zh:24e8c6fd79a221a5dd7b0a890a8daaa8afe4a6fce0f45aabd54ef73845a5e962",
+    "zh:31e3156d55541880745a8f182e9c4a5236147a5ca87509e28c66eb11cea84e49",
+    "zh:3941249c9d2840daebd87bb62b7c366d3c2876b7e27accdd54375343c78864c5",
+    "zh:44078572520abe823f5069037592ed71655218a02c75e24c90a4ac2172340c8b",
+    "zh:844474ff0511648837e17e92f0c6cd2e689220e4d3eda208cb8ffc66ec55d51a",
+    "zh:a4347d892e183b6bda6ccb5b68bd8ebf7f4d115c6308337d91471b3f4fa28eeb",
+    "zh:a5f3c73a1aad484538117dcb2a1378a9679917be81719decfa9ceea60f918359",
+    "zh:ae41ac84590cdf4cbef6b85f20b1a7d5533db90e50b65e4555f1b9d4e223e0c7",
+    "zh:c91eda1818570da2d54b30062593b34196eb6b2ec9b0f045e5ea90d329cfe1ea",
+    "zh:da310fc4366b069cdcbf9a7de8c64bae9493bbf24ad836274d7833b7dca8d01d",
+    "zh:fc2038c5e48a49aec9df1f3c4d4a90f967f2ef51e15b5b1bd8740aceea91f980",
+  ]
+}
diff --git a/01-provider.tf b/01-provider.tf
new file mode 100644
index 0000000..dff2900
--- /dev/null
+++ b/01-provider.tf
@@ -0,0 +1,21 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+    }
+    stackit = {
+      source = "stackitcloud/stackit"
+      version = "0.58.2"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.6.2"
+    }
+  }
+}
+
+provider "stackit" {
+  default_region           = "eu01"
+  service_account_key_path = var.stackit_service_account_key_path
+  enable_beta_resources    = true
+}
\ No newline at end of file
diff --git a/02-variables.tf b/02-variables.tf
new file mode 100644
index 0000000..f33ee0c
--- /dev/null
+++ b/02-variables.tf
@@ -0,0 +1,10 @@
+variable "stackit_project_id" {
+  type    = string
+  default = "d75e6aab-b616-4b42-ae3b-aaf161ad626d"
+}
+
+
+variable "stackit_service_account_key_path" {
+  type    = string
+  default = "./keys/stackit-sa.json"
+}
diff --git a/03-cdn.tf b/03-cdn.tf
new file mode 100644
index 0000000..742accf
--- /dev/null
+++ b/03-cdn.tf
@@ -0,0 +1,77 @@
+resource "random_pet" "random_pet" {}
+
+resource "stackit_objectstorage_bucket" "example" {
+  project_id = var.stackit_project_id
+  name       = random_pet.random_pet.id
+}
+
+resource "stackit_objectstorage_credentials_group" "example" {
+  project_id = var.stackit_project_id
+  name       = random_pet.random_pet.id
+  depends_on = [stackit_objectstorage_bucket.example]
+}
+
+resource "stackit_objectstorage_credential" "example" {
+  project_id           = var.stackit_project_id
+  credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
+  expiration_timestamp = "2027-01-02T03:04:05Z"
+}
+
+provider "aws" {
+  region                      = "eu01"
+  skip_credentials_validation = true
+  skip_region_validation      = true
+  skip_requesting_account_id  = true
+
+  access_key                  = stackit_objectstorage_credential.example.access_key
+  secret_key                  = stackit_objectstorage_credential.example.secret_access_key
+
+  endpoints {
+    s3 = "https://object.storage.eu01.onstackit.cloud"
+  }
+}
+
+resource "aws_s3_object" "test_file" {
+  bucket = stackit_objectstorage_bucket.example.name
+  key    = "index.html"
+  source = "files/index.html"
+  content_type = "text/plain"
+  etag = filemd5("files/index.html")
+}
+
+resource "aws_s3_bucket_policy" "allow_public_read_access" {
+  bucket = stackit_objectstorage_bucket.example.name
+  policy = <<EOF
+         {
+            "Statement":[
+               {
+               "Sid": "Public GET",
+               "Effect":"Allow",
+               "Principal":"*",
+               "Action":"s3:GetObject",
+               "Resource":"urn:sgws:s3:::${stackit_objectstorage_bucket.example.name}/*"
+               }
+            ]
+         }
+         EOF
+}
+
+resource "stackit_cdn_distribution" "example_distribution" {
+  project_id = var.stackit_project_id
+  config = {
+    backend = {
+      type       = "http"
+      origin_url = "https://object.storage.eu01.onstackit.cloud/${random_pet.random_pet.id}"
+    }
+    regions = ["EU", "US", "ASIA", "AF", "SA"]
+    // provider bug if not providing empty list of blocked countries
+    blocked_countries = []
+  }
+
+  depends_on = [stackit_objectstorage_bucket.example, stackit_objectstorage_credential.example]
+}
+
+
+output "url" {
+  value = stackit_cdn_distribution.example_distribution.domains.0.name
+}
\ No newline at end of file
diff --git a/files/index.html b/files/index.html
new file mode 100644
index 0000000..95d09f2
--- /dev/null
+++ b/files/index.html
@@ -0,0 +1 @@
+hello world
\ No newline at end of file