From 8bbae1bbb853367262e94c8f2b16f3902be3806b Mon Sep 17 00:00:00 2001
From: Luke Kysow
Date: Fri, 6 Jul 2018 15:07:16 +0200
Subject: [PATCH] Remove unneeded tf for AWS site. Site is now hosted on Netlify.
---
 runatlantis.io/terraform/main.tf | 112 ++----------------
 .../modules/cloudfront_distribution/main.tf | 49 --------
 .../cloudfront_distribution/outputs.tf | 9 --
 .../cloudfront_distribution/variables.tf | 16 ---
 .../terraform/s3_bucket_policy.json | 12 --
 5 files changed, 12 insertions(+), 186 deletions(-)
 delete mode 100644 runatlantis.io/terraform/modules/cloudfront_distribution/main.tf
 delete mode 100644 runatlantis.io/terraform/modules/cloudfront_distribution/outputs.tf
 delete mode 100644 runatlantis.io/terraform/modules/cloudfront_distribution/variables.tf
 delete mode 100644 runatlantis.io/terraform/s3_bucket_policy.json
diff --git a/runatlantis.io/terraform/main.tf b/runatlantis.io/terraform/main.tf
index 76dbc4c1d5..1f3137e4a3 100644
--- a/runatlantis.io/terraform/main.tf
+++ b/runatlantis.io/terraform/main.tf
@@ -1,7 +1,5 @@
-// This project sets up a static website at https://www.runatlantis.io and a
-// redirect from the root domain runatlantis.io to https://www.runatlantis.io.
-// We use S3 to host the site, ACM for the SSL cert and CloudFront to front it.
-// The site is generated by Hugo (see website/src).
+// This project sets up DNS entries for runatlantis.io. The site is hosted
+// on Netlify.
 
 provider "aws" {
 region = "us-east-1"
@@ -23,15 +21,10 @@ variable "root_domain_name" {
 default = "runatlantis.io"
 }
 
-// First, set up the regular domain: www.runatlantis.io
-
-// We want AWS to host our zone so its nameservers can point to our CloudFront
-// distribution.
 resource "aws_route53_zone" "zone" {
 name = "${var.root_domain_name}"
 }
 
-// This Route53 record will point at our CloudFront distribution.
 resource "aws_route53_record" "www" {
 zone_id = "${aws_route53_zone.zone.zone_id}"
 name = "${var.www_domain_name}"
@@ -40,96 +33,6 @@ resource "aws_route53_record" "www" {
 records = ["runatlantis.netlify.com"]
 }
 
-// Use the AWS Certificate Manager to create an SSL cert for our domain.
-// This resource won't be created until you receive the email verifying you
-// own the domain and you click on the confirmation link.
-resource "aws_acm_certificate" "certificate" {
- // We want a wildcard cert so we can host subdomains later.
- domain_name = "*.${var.root_domain_name}"
- validation_method = "EMAIL"
-
- // We also want the cert to be valid for the root domain even though we'll be
- // redirecting to the www. domain immediately.
- subject_alternative_names = ["${var.root_domain_name}"]
-}
-
-// Now we're going to create an S3 bucket to hold our static website.
-
-// Create an S3 Bucket that holds the website data. CloudFront will pull the
-// website from this bucket.
-resource "aws_s3_bucket" "www" {
- bucket = "${var.www_domain_name}"
- acl = "public-read"
- policy = "${data.template_file.www_s3_bucket_policy.rendered}"
-
- website {
- index_document = "index.html"
- error_document = "404.html"
- }
-}
-
-// This template allows us to de-duplicates the IAM policy we need to apply
-// to our S3 bucket to allow it to be readable by the world (since we want
-// everyone to be able to see our site).
-data "template_file" "www_s3_bucket_policy" {
- template = "${file("s3_bucket_policy.json")}"
-
- vars {
- domain_name = "${var.www_domain_name}"
- }
-}
-
-// Finally we're ready to create our CloudFront distribution. I've moved this
-// into a module because we need two of them (the second for the root domain)
-// and there's a lot of code that would have been duplicated.
-module "www_distribution" {
- source = "./modules/cloudfront_distribution"
-
- // CloudFront will use our SSL cert.
- acm_certificate_arn = "${aws_acm_certificate.certificate.arn}"
- cnames = ["${var.www_domain_name}"]
-
- // CloudFront uses the S3 bucket's "website endpoint" to pull the actual
- // content for our website.
- domain_name = "${aws_s3_bucket.www.website_endpoint}"
-
- origin_id = "runatlantis_s3_bucket"
-}
-
-// We've set up our www.runatlantis.io domain, but we also want people to be
-// able to type runatlantis.io or https://runatlantis.io and get redirected
-// to https://www.runatlantis.io.
-// To do this, we need to set up an S3 bucket like before but have it just
-// redirect to https://www.runatlantis.io. We then need to set up a CloudFront
-// distribution to host that redirect.
-
-resource "aws_s3_bucket" "root" {
- bucket = "${var.root_domain_name}"
- acl = "public-read"
- policy = "${data.template_file.root_s3_bucket_policy.rendered}"
-
- website {
- // Note this redirect. Here's where the magic happens.
- redirect_all_requests_to = "https://${var.www_domain_name}"
- }
-}
-
-data "template_file" "root_s3_bucket_policy" {
- template = "${file("s3_bucket_policy.json")}"
-
- vars {
- domain_name = "${var.root_domain_name}"
- }
-}
-
-module "root_distribution" {
- source = "./modules/cloudfront_distribution"
- acm_certificate_arn = "${aws_acm_certificate.certificate.arn}"
- cnames = ["${var.root_domain_name}"]
- domain_name = "${aws_s3_bucket.root.website_endpoint}"
- origin_id = "root_s3_bucket"
-}
-
 resource "aws_route53_record" "root" {
 zone_id = "${aws_route53_zone.zone.zone_id}"
 
@@ -137,6 +40,7 @@ resource "aws_route53_record" "root" {
 name = ""
 type = "A"
 ttl = "300"
+ // This IP is for Netlify.
 records = ["104.198.14.52"]
 }
 
@@ -146,7 +50,7 @@ resource "aws_route53_record" "mailgun_txt_0" {
 name = ""
 type = "TXT"
 ttl = "300"
- records = ["v=spf1 include:mailgun.org ~all"]
+ records = ["v=spf1 include:mailgun.org include:servers.mcsv.net ~all"]
 }
 
 resource "aws_route53_record" "mailgun_txt_1" {
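Review bot: The apex `root` record in main.tf pins `runatlantis.io` to a single provider-owned address (`104.198.14.52`), and the added comment says only that the address belongs to Netlify. If Netlify retires or reassigns that address, the apex would keep resolving to a host this project does not control, so the comment should record where the value came from and that it needs re-checking, e.g. `// Netlify load balancer IP (the apex cannot be a CNAME); re-verify against Netlify's DNS docs whenever this record is touched.` The `root` resource starts before this hunk, so its remaining arguments are not visible here.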
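Review bot: The SPF record on `mailgun_txt_0` still ends in `~all` after `include:servers.mcsv.net` is added, so mail from hosts outside Mailgun and Mailchimp is only soft-failed, and no `_dmarc` record is visible in this patch (one may exist elsewhere in the zone). Once both senders are confirmed to pass, consider `-all` together with a DMARC policy record. A short comment such as `// SPF: Mailgun and Mailchimp (servers.mcsv.net) are the only permitted senders.` would also help, since the resource name still mentions only Mailgun. The resource begins above the hunk.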
@@ -172,3 +76,11 @@ resource "aws_route53_record" "mailgun_cname" {
 ttl = "300"
 records = ["mailgun.org"]
 }
+
+resource "aws_route53_record" "mailchimp_cname" {
+ zone_id = "${aws_route53_zone.zone.zone_id}"
+ name = "k1._domainkey"
+ type = "CNAME"
+ ttl = "300"
+ records = ["dkim.mcsv.net"]
+}
diff --git a/runatlantis.io/terraform/modules/cloudfront_distribution/main.tf b/runatlantis.io/terraform/modules/cloudfront_distribution/main.tf
deleted file mode 100644
index 1f48a39bd0..0000000000
--- a/runatlantis.io/terraform/modules/cloudfront_distribution/main.tf
+++ /dev/null
@@ -1,49 +0,0 @@
-resource "aws_cloudfront_distribution" "website_distribution" {
- origin {
- custom_origin_config {
- http_port = "80"
- https_port = "443"
- origin_protocol_policy = "http-only"
- origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
- }
-
- domain_name = "${var.domain_name}"
- origin_id = "${var.origin_id}"
- }
-
- enabled = true
- default_root_object = "index.html"
-
- default_cache_behavior {
- // All values are defaults from the AWS console.
- viewer_protocol_policy = "redirect-to-https"
- compress = true
- allowed_methods = ["GET", "HEAD"]
- cached_methods = ["GET", "HEAD"]
- target_origin_id = "${var.origin_id}"
- min_ttl = 0
- default_ttl = 86400
- max_ttl = 31536000
-
- forwarded_values {
- query_string = false
-
- cookies {
- forward = "none"
- }
- }
- }
-
- aliases = ["${var.cnames}"]
-
- restrictions {
- geo_restriction {
- restriction_type = "none"
- }
- }
-
- viewer_certificate {
- acm_certificate_arn = "${var.acm_certificate_arn}"
- ssl_support_method = "sni-only"
- }
-}
diff --git a/runatlantis.io/terraform/modules/cloudfront_distribution/outputs.tf b/runatlantis.io/terraform/modules/cloudfront_distribution/outputs.tf
deleted file mode 100644
index 297ca4dcfa..0000000000
--- a/runatlantis.io/terraform/modules/cloudfront_distribution/outputs.tf
+++ /dev/null
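Review bot: The new `mailchimp_cname` record in main.tf has no comment explaining that `k1._domainkey` is a DKIM selector delegated to Mailchimp through `dkim.mcsv.net`. A CNAME at that name lets the target publish the signing key for this domain, so the record should be documented and removed if Mailchimp is ever dropped, for example `// DKIM selector k1 delegated to Mailchimp; delete this record if Mailchimp stops sending for runatlantis.io.` The unchanged `mailgun_cname` resource above is cut off by the hunk, so its own documentation is not visible.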
@@ -1,9 +0,0 @@
-output "domain_name" {
- description = "The domain name for this distribution. Point your Route53 records here."
- value = "${aws_cloudfront_distribution.website_distribution.domain_name}"
-}
-
-output "hosted_zone_id" {
- description = "Zone ID of the CloudFront distribution. Use this for your Route53 record."
- value = "${aws_cloudfront_distribution.website_distribution.hosted_zone_id}"
-}
diff --git a/runatlantis.io/terraform/modules/cloudfront_distribution/variables.tf b/runatlantis.io/terraform/modules/cloudfront_distribution/variables.tf
deleted file mode 100644
index df096ba2e2..0000000000
--- a/runatlantis.io/terraform/modules/cloudfront_distribution/variables.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-variable "domain_name" {
- description = "The website endpoint of your S3 bucket."
-}
-
-variable "origin_id" {
- description = "Any string to name this origin."
-}
-
-variable "cnames" {
- description = "CNAME's for this distribution."
- type = "list"
-}
-
-variable "acm_certificate_arn" {
- description = "ARN of ACM certificate used to provide SSL for this distribution's domain name."
-}
diff --git a/runatlantis.io/terraform/s3_bucket_policy.json b/runatlantis.io/terraform/s3_bucket_policy.json
deleted file mode 100644
index 6628920a84..0000000000
--- a/runatlantis.io/terraform/s3_bucket_policy.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "Version":"2012-10-17",
- "Statement":[
- {
- "Sid":"AddPerm",
- "Effect":"Allow",
- "Principal": "*",
- "Action":["s3:GetObject"],
- "Resource":["arn:aws:s3:::${domain_name}/*"]
- }
- ]
-}
\ No newline at end of file