From 05a25f06c1d7af3bf56f50a7a4ab401cea5c6fa1 Mon Sep 17 00:00:00 2001
From: Ben Limmer <ben@benlimmer.com>
Date: Sun, 15 May 2022 12:30:30 -0600
Subject: [PATCH] feat: allow cloudfront invalidations Fixes #70

---
 README.md                     | 14 ++++++++++----
 ecs.tf                        |  6 ++++++
 modules/cloudfront/outputs.tf |  5 +++++
 3 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index b60f4c5..0e89063 100644
--- a/README.md
+++ b/README.md
@@ -194,10 +194,16 @@ Default password: techtospeech.com
 Change these on first log in or specify your own in module instantiation.
 
 You will find WP2Static with S3 Add-on installed. Go to the WP2Static Menu->Addons, and click the 'Disabled' button to
-Enable the Add-on.
-
-The configuration of the plugin has been set up such that no additional configuration is required unless you wish to
-change any options.
+Enable the Add-on. Enable enabling, click the Configure icon on this page. In the S3 table, change "Object ACL" from
+"public-read" to "private". In the CloudFront table, copy the region from the S3 table and enter your CloudFront
+Distribution ID. You can find the ID in the AWS console. Then click "Save S3 Options". See
+[this GitHub issue](https://github.com/TechToSpeech/terraform-aws-serverless-static-wordpress/issues/15) to automate
+these changes.
+
+Finally, you'll need to configure permalinks to a format that is supported on static sites. Go to Settings -> Permalinks
+in the sidebar. By default, `plain` is likely selected. You need to change this to any other format for static
+publishing to work. Click "Save Changes" to confirm the change. You can confirm you have selected a valid choice by
+viewing WP2Static Menu -> Diagnostics.
 
 You may now edit Wordpress as you would normally, customize your site as you like, and when ready proceed to the 'Run'
 section of the WP2Static plugin, and click the 'Generate Static Site' button. This will take some minutes depending on
diff --git a/ecs.tf b/ecs.tf
index 21dd3f1..8b42e5b 100644
--- a/ecs.tf
+++ b/ecs.tf
@@ -40,6 +40,12 @@ data "aws_iam_policy_document" "wordpress_bucket_access" {
     effect    = "Allow"
     resources = ["arn:aws:route53:::hostedzone/${var.hosted_zone_id}"]
   }
+
+  statement {
+    actions = ["cloudfront:CreateInvalidation"]
+    effect  = "Allow"
+    resources = [module.cloudfront.wordpress_cloudfront_distribution_arn]
+  }
 }
 
 resource "aws_iam_policy" "wordpress_bucket_access" {
diff --git a/modules/cloudfront/outputs.tf b/modules/cloudfront/outputs.tf
index 095bb99..8987fc5 100644
--- a/modules/cloudfront/outputs.tf
+++ b/modules/cloudfront/outputs.tf
@@ -6,6 +6,11 @@ output "wordpress_bucket_arn" {
   value = aws_s3_bucket.wordpress_bucket.arn
 }
 
+
+output "wordpress_cloudfront_distribution_arn" {
+  value = aws_cloudfront_distribution.wordpress_distribution.arn
+}
+
 output "wordpress_cloudfront_distribution_domain_name" {
   value = aws_cloudfront_distribution.wordpress_distribution.domain_name
 }