terraform-cdn-s3-bucket/03-cdn.tf

# Generated name; its id is reused below as the bucket name, as the
# credentials-group name and as the last path segment of the CDN origin URL.
resource "random_pet" "random_pet" {
}
# Object storage bucket that receives the uploaded file and is referenced by
# the bucket policy further down.
resource "stackit_objectstorage_bucket" "example" {
  name       = random_pet.random_pet.id
  project_id = var.stackit_project_id
}
# Credentials group that the S3 credential below is issued from.
resource "stackit_objectstorage_credentials_group" "example" {
  name       = random_pet.random_pet.id
  project_id = var.stackit_project_id

  # No attribute of the bucket is referenced here, so the ordering
  # "bucket first, then group" is expressed explicitly.
  depends_on = [stackit_objectstorage_bucket.example]
}
# S3 access key / secret pair used by the "aws" provider in this file.
#
# The generated access_key and secret_access_key are resource attributes and
# are therefore stored in the Terraform state: keep the state backend
# access-controlled and encrypted, and keep state files out of version control.
resource "stackit_objectstorage_credential" "example" {
  credentials_group_id = stackit_objectstorage_credentials_group.example.credentials_group_id
  project_id           = var.stackit_project_id

  # Fixed expiry date. NOTE(review): this is a long-lived static credential;
  # consider a shorter lifetime with planned rotation, and confirm what happens
  # to later applies once the date has passed.
  expiration_timestamp = "2027-01-02T03:04:05Z"
}
# AWS provider pointed at the S3-compatible object storage endpoint instead of
# AWS itself; it is used only for the S3 object and the bucket policy below.
provider "aws" {
  region = "eu01"

  endpoints {
    s3 = "https://object.storage.eu01.onstackit.cloud"
  }

  # Keys come from the credential resource created in this same configuration,
  # so they are unknown until that resource exists and they end up in state.
  # NOTE(review): provider arguments are normally expected to be known at plan
  # time — confirm that a first apply from an empty state works as intended.
  access_key = stackit_objectstorage_credential.example.access_key
  secret_key = stackit_objectstorage_credential.example.secret_access_key

  # The endpoint is not AWS: turn off the AWS-specific credential check,
  # region-name validation and account-id lookup.
  skip_credentials_validation = true
  skip_region_validation      = true
  skip_requesting_account_id  = true
}
# Uploads the local file files/index.html as object "index.html".
# Together with the bucket policy in this file the object is readable by
# anyone, so only put content here that is meant to be public.
resource "aws_s3_object" "test_file" {
  bucket = stackit_objectstorage_bucket.example.name
  key    = "index.html"

  # Path is relative to the directory Terraform is run from.
  source = "files/index.html"

  # MD5 of the local file: a change in file content changes this value and
  # triggers an update of the object.
  etag = filemd5("files/index.html")

  # NOTE(review): an .html file is declared as text/plain, so browsers will
  # show it as text instead of rendering it — confirm this is intended.
  content_type = "text/plain"
}
# Bucket policy that makes every object in the bucket anonymously readable.
#
# Principal "*" with s3:GetObject on "<bucket>/*" covers all current and future
# objects, not only index.html, so this bucket must hold public content only.
# The statement grants object reads and nothing else (no listing, no writes).
# The grant applies to requests sent straight to the storage endpoint as well,
# so settings on the CDN distribution do not restrict access to these objects.
resource "aws_s3_bucket_policy" "allow_public_read_access" {
bucket = stackit_objectstorage_bucket.example.name
# The heredoc is sent as the policy document as written; keep comments outside it.
# NOTE(review): the Resource uses a "urn:sgws:s3:::" prefix rather than
# "arn:aws:s3:::" — presumably what this storage backend expects; verify.
policy = <<EOF
{
"Statement":[
{
"Sid": "Public GET",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"urn:sgws:s3:::${stackit_objectstorage_bucket.example.name}/*"
}
]
}
EOF
}
# CDN distribution whose origin is the public HTTPS URL of the bucket.
#
# The backend is a plain "http" origin with no credentials configured here, so
# the CDN reads the objects anonymously; that only works because the bucket
# policy in this file allows public reads. The same origin URL can be requested
# directly, so the region and country settings below shape CDN delivery only
# and must not be relied on as access control for the content.
resource "stackit_cdn_distribution" "example_distribution" {
  project_id = var.stackit_project_id

  config = {
    backend = {
      origin_url = "https://object.storage.eu01.onstackit.cloud/${random_pet.random_pet.id}"
      type       = "http"
    }

    regions = ["EU", "US", "ASIA", "AF", "SA"]

    # Workaround for a provider bug: the list of blocked countries has to be
    # passed even when it is empty.
    blocked_countries = []
  }

  # NOTE(review): neither the bucket policy nor the uploaded object is listed
  # here, so the distribution may be created before the origin is publicly
  # readable — confirm whether that ordering matters.
  depends_on = [
    stackit_objectstorage_bucket.example,
    stackit_objectstorage_credential.example,
  ]
}
# Name of the first domain reported for the CDN distribution.
output "url" {
  value = stackit_cdn_distribution.example_distribution.domains[0].name
}