Our team at Webelight Solutions frequently deploys static websites on AWS S3, served through CloudFront. These websites display information and visuals like a flier but aren’t interactive as you can’t click on buttons, fill out forms, or watch video clips. Initially, we created separate Terraform configuration files for each project. While this approach worked, it led to code duplication and increased maintenance overhead. To optimize our workflow and improve maintainability, we decided to create a reusable Terraform module.
Terraform: Your multi-cloud deployment tool
Terraform is a popular Infrastructure as code (Iac) software tool introduced by Hashicorp. Its configuration files are also written in HashiCorp Configuration Language (HCL). With the help of this tool, you can not only generate but keep your AWS infrastructure up-to-date. It serves as a helping hand for DevOps engineers who find managing multi-cloud deployments troublesome and struggle with provisioning.
Through our expertise in website deployment, we’ll explain how you can utilize Terraform to deploy a static website on AWS where you can build and run your projects without needing to manage your hardware. Not only that, you will get to understand services like S3, CloudFront, and CloudFlare. Even if you are new to AWS, this simple guide will usher you toward understanding the nuances of website deployment, give you a better grasp on the terraform module structure, and teach you how to streamline this process on AWS by breaking down all components one by one.
Architecture and flow of hosting a static website on AWS
Let’s understand how you can host a static website on AWS with this flow:-
a) Client: The user who is trying to access the website.
b) Cloudflare: Directs the website request to the correct CloudFront distribution.
c) AWS Certificate Manager (TLS Certificate): Ensures the website connection is encrypted and secure.
d) CloudFront Distribution: Delivers the website content quickly by either serving cached files or fetching them from S3.
e) CloudFront OAC + S3 Bucket Policy: Makes sure that only authorized CloudFront distributions can access the S3 bucket.
f) Private S3 Bucket: Stores the website's static files securely and allows access only through CloudFront.
g) Static Web Files: HTML, CSS, JavaScript files, and other assets stored in S3 and served to users via CloudFront.
Challenges of creating separate Terraform configuration files
1) Code Duplication
Each new project required creating similar sets of Terraform files, leading to redundant code. Specifying bucket names, configuring DNS records for each domain, versioning, and lifecycle rules were becoming repetitive. Access control lists (ACLs) and bucket policies were also getting duplicated.
2) Maintenance Overhead
Updating configurations for bug fixes, and security patches across multiple projects was time-consuming and prone to errors as each project demanded individual attention. The risk of introducing inconsistencies was becoming more significant as there could be a need to update a critical security policy across dozens of separate configurations.
3) Scalability Issues
As the number of projects grew, managing individual configurations became increasingly complex. Separate configurations could disrupt the collaboration within our team. Sharing configurations, documenting changes, and ensuring consistency across deployments became more challenging.
Key Objectives for Managing Infrastructure with Terraform
1) Reduce Code Duplication
Create a single, reusable Terraform module for static website deployment. In this way, we could reduce the line of code we had to write and maintain. For this, we can simply use the terraform module and reference it when it's required by passing various parameters. This would also help ensure consistency throughout our infrastructure.
2) Simplify Maintenance
Ensure configuration updates can be made in one place and propagated to all projects. This can be done by encapsulation components into a centralized unit and now, you can easily keep and manage all your configuration files. Having a robust module library not only simplifies the creation but also facilitates ongoing maintenance of existing configurations.
3) Improve Scalability
Enable easy addition of new projects without extensive setup. You can update a single module and deploy it to all other configurations using the same module. Modules may be readily replicated and modified by engineers to meet evolving needs, whether they include expanding to handle growing workloads, adding additional resources, or upgrading settings.
4) Automate Deployment
Integrate the deployment process with Jenkins for continuous integration and delivery (CI/CD). The objective of automating infrastructure deployment using Terraform is to enable safe and predictable management of cloud resources through declarative configuration files. This approach involves configuring Terraform to deploy an AWS environment comprising an auto mode network, firewall rule, and multiple VM instances.
How we overcame these hurdles and solved the problem?
We developed a Terraform module encapsulating the resources and configurations needed for deploying a static website on S3 and serving it through CloudFront. Additionally, we integrated Jenkins to automate the deployment process. This module includes:
1) S3 Bucket
For storing static website files like HTML, CSS, JavaScript, images, and other assets. We can host and serve these files securely as it assures encryption and keeps the website files accessible and protected.
2) CloudFront Distribution
CloudFront is a content delivery network (CDN) service that we use for serving websites with low latency and high transfer speeds. It reduces latency and improves transfer speed by caching website content at edge locations worldwide for end-users.
3) Dynamic Configuration
Using variables and dynamic blocks in Terraform, we parameterized our Environment-specific configurations. It helped us deploy the same infrastructure with varying settings based on environment-specific variables (e.g., development, staging, production).
How Our Team implemented the reusable Terraform Modules?
Diagram
Here is a diagram to illustrate the process:
Terraform Module Structure
static-website/
├── main.tf
├── variables.tf
├── outputs.tf
└── README.md
a) main.tf: Defines the AWS resources (S3 bucket, CloudFront distribution).
b) variables.tf: Declares input variables to customize the module (e.g., domain name, environment).
c) outputs.tf: Defines output values (e.g., CloudFront domain name).
Jenkins Pipeline
We created a Jenkins pipeline to automate the deployment process. The pipeline:
a) Triggers the pipeline: Starts the deployment process(which will clone the specific branch, SonarQube check for bugs, etc).
b) Deploys Static Website: Uploads the static website files to the S3 bucket.
c) Invalidates CloudFront Cache: Ensures that the latest content is served by invalidating the CloudFront cache.
Usage of the Reusable Terraform module
We integrated the module into our project-specific Terraform configurations. For each project, we only need to provide environment-specific variables, significantly reducing the amount of code required.
module "static_website" {
source = "gitlab.webelight.co.in/webelight/static-website/aws"
version = "0.0.1"
bucket_name = var.bucket_name
environment = var.environment
.
.
}
Benefits
a) Efficiency: Reduced the time required to set up new projects.
b) Consistency: Ensured uniform configurations across projects.
c) Maintainability: Simplified updates, as changes are made in the module and inherited by all projects.
d) Scalability: Easily helped in adding new projects by using the module with minimal configuration.
e) Automation: Streamlined deployment process through Jenkins, enabling continuous integration and delivery.
Unlock Tech Excellence & Security at Every Step
By creating reusable Terraform modules to deploy a static website on AWS S3 and serving them through CloudFront, and automating the deployment process with Jenkins, we streamlined our deployment process, reduced redundancy, and improved maintainability. This approach has enabled our team to efficiently manage multiple projects with consistent configurations and reduced overhead. We’d really appreciate it if you give your thoughts on this and share your knowledge as that would help enlighten and educate readers who are curious to learn more about such concepts. Share this blog as much as you can and spread your newly-attained wisdom!
At Webelight Solutions, Our team understands the challenges of fragmented workflows and communication gaps. Our cloud computing and security solutions are designed to protect your clients' sensitive financial data, enhance customer trust, and ensure compliance with regulatory requirements. Our DevOps engineers excel in cloud security, CI/CD automation, and agile collaboration. By partnering with us, you gain access to advanced security technologies and comprehensive threat intelligence that helps safeguard your company's financial security.