After running terraform apply
, I made a change to one of the files. I was re-running terraform apply
and was expecting it to run the resource resource "aws_s3_bucket_object.frontend_bucket_content
, but it didn't:
# https://stackoverflow.com/questions/57456167/uploading-multiple-files-in-aws-s3-from-terraform
# https://registry.terraform.io/modules/hashicorp/dir/template/latest
module "template_files" {
source = "hashicorp/dir/template"
base_dir = local.frontend_deliverables
}
resource "aws_s3_bucket_object" "frontend_bucket_content" {
for_each = module.template_files.files
bucket = aws_s3_bucket.frontend_bucket.bucket
key = each.key
content_type = each.value.content_type
source = each.value.source_path
etag = each.value.digests.md5
server_side_encryption = "AES256"
depends_on = [
null_resource.build_frontend
]
}
What am I missing? here's the full code:
locals {
frontend_directory = "./frontend"
frontend_deliverables = "${local.frontend_directory}/build"
frontend_bucket_name = "my-bucket"
}
resource "null_resource" "build_frontend" {
provisioner "local-exec" {
command = "npm run build"
interpreter = ["PowerShell", "-Command"]
working_dir = "${path.module}/frontend"
}
triggers = {
always_run = timestamp()
}
}
resource "aws_s3_bucket" "frontend_bucket" {
bucket = local.frontend_bucket_name
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
}
# https://stackoverflow.com/questions/57456167/uploading-multiple-files-in-aws-s3-from-terraform
# https://registry.terraform.io/modules/hashicorp/dir/template/latest
module "template_files" {
source = "hashicorp/dir/template"
base_dir = local.frontend_deliverables
}
resource "aws_s3_bucket_object" "frontend_bucket_content" {
for_each = module.template_files.files
bucket = aws_s3_bucket.frontend_bucket.bucket
key = each.key
content_type = each.value.content_type
source = each.value.source_path
etag = each.value.digests.md5
server_side_encryption = "AES256"
depends_on = [
null_resource.build_frontend
]
}
resource "aws_cloudfront_distribution" "s3_distribution" {
origin {
domain_name = aws_s3_bucket.frontend_bucket.bucket_regional_domain_name
origin_id = "S3-${aws_s3_bucket.frontend_bucket.id}"
s3_origin_config {
origin_access_identity = aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path
}
}
default_root_object = "index.html"
restrictions {
geo_restriction {
restriction_type = "none"
}
}
default_cache_behavior {
viewer_protocol_policy = "redirect-to-https"
allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
cached_methods = ["GET", "HEAD"]
target_origin_id = "S3-${aws_s3_bucket.frontend_bucket.id}" # must equate "origin_id" above..
forwarded_values {
query_string = false
cookies {
forward = "none"
}
}
}
viewer_certificate {
cloudfront_default_certificate = true
}
enabled = true
}
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "my-tf-test-identity"
}
data "aws_iam_policy_document" "s3_policy" {
statement {
actions = ["s3:GetObject"]
resources = ["${aws_s3_bucket.frontend_bucket.arn}/*"]
principals {
type = "AWS"
identifiers = [aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn]
}
}
}
resource "aws_s3_bucket_policy" "frontend_s3_bucket_policy" {
bucket = aws_s3_bucket.frontend_bucket.id
policy = data.aws_iam_policy_document.s3_policy.json
}