Setting up static website hosting in a Yandex Object Storage bucket with Yandex Cloud CDN access using Terraform

Written by

Yandex Cloud

Updated at November 27, 2025

Get your cloud ready
- Required paid resources
Add a certificate to Certificate Manager
Create your infrastructure
Test the CDN
How to delete the resources you created

To set up the infrastructure for website hosting in a bucket with Yandex Cloud CDN access using Terraform:

If you no longer need the resources you created, delete them.

Get your cloud ready

Navigate to the management console and log in to Yandex Cloud or create a new account.
On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.

Learn more about clouds and folders here.

Required paid resources

The infrastructure support cost for a bucket-hosted site with CDN access includes:

A fee for outgoing traffic from CDN servers (see Cloud CDN pricing).
Fee for data storage in Object Storage, data operations, and outbound traffic (see Object Storage pricing).
Fee for public DNS requests and DNS zones if using Yandex Cloud DNS (see Cloud DNS pricing).

Add a certificate to Certificate Manager

Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.

The certificate must be located in the same folder as your CDN resource.

For a Let's Encrypt® certificate, pass an ownership check for the domain specified in the certificate.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

To create an infrastructure using Terraform:

Install Terraform, get the credentials, and specify the source for installing Yandex Cloud (see Configure your provider, step 1).

Set up your infrastructure description files:

Ready-made configuration

Manually

Clone the repository with configuration files.

git clone https://github.com/yandex-cloud-examples/yc-s3-cdn-hosting.git

Navigate to the repository directory. It should now contain the following files:
- index.html: Website home page file.
- yc-cdn-hosting.tf: New infrastructure configuration.
- yc-cdn-hosting.auto.tfvars: User data file.

Create a folder for configuration files.

In the folder, create:

The home page file for the website, index.html:

index.html

<!DOCTYPE html>
<html>
  <head>
    <title>My site</title>
  </head>
  <body>
    <p>The site is working</p>
  </body>
</html>

yc-cdn-hosting.tf configuration file:

yc-cdn-hosting.tf

# Declaring variables with sensitive data

variable "folder_id" {
  type = string
}

variable "domain" {
  type = string
}

variable "cert_id" {
  type = string
}

# Configuring the provider

terraform {
  required_providers {
    yandex = {
      source = "yandex-cloud/yandex"
    }
  }
  required_version = ">=0.136.0"
}

# Getting TLS certificate info

data "yandex_cm_certificate" "example_by_id" {
  certificate_id = var.cert_id
}

# Creating a bucket

resource "yandex_storage_bucket" "main-bucket" {
  bucket    = var.domain
  folder_id = var.folder_id
  max_size  = "1073741824"
  website {
    index_document = "index.html"
  }
  https {
    certificate_id = data.yandex_cm_certificate.example_by_id.id
  }

  depends_on = [data.yandex_cm_certificate.example_by_id]
}

# Configuring access permissions for a bucket

resource "yandex_storage_bucket_grant" "my_grant_main" {
  bucket = yandex_storage_bucket.main-bucket.id
  grant {
    uri         = "http://acs.amazonaws.com/groups/global/AllUsers"
    permissions = ["READ"]
    type        = "Group"
  }
  depends_on = [yandex_storage_bucket.main-bucket]
}

# Upload an object to a bucket

resource "yandex_storage_object" "index-page" {
  bucket     = yandex_storage_bucket.main-bucket.id
  key        = "index.html"
  source     = "index.html"
  depends_on = [yandex_storage_bucket_grant.my_grant_main]
}

# Creating a DNS zone

resource "yandex_dns_zone" "zone1" {
  name   = "mydnszone"
  zone   = "${var.domain}."
  public = true
}

# Creating a DNS record

resource "yandex_dns_recordset" "rs1" {
  zone_id    = yandex_dns_zone.zone1.id
  name       = "cdn"
  type       = "CNAME"
  ttl        = 600
  data       = ["${data.yandex_cdn_resource.my_resource.provider_cname}"]
  depends_on = [yandex_cdn_resource.my_resource]
}

# Getting CDN resource info

data "yandex_cdn_resource" "my_resource" {
  resource_id = yandex_cdn_resource.my_resource.id
}

# Creating an origin group

resource "yandex_cdn_origin_group" "my_group" {
  name     = "updates-origin-group"
  use_next = true
  origin {
    source = "${var.domain}.website.yandexcloud.net"
  }
}

# Creating a CDN resource

resource "yandex_cdn_resource" "my_resource" {
  cname             = "cdn.${var.domain}"
  active            = true
  origin_protocol   = "http"
  origin_group_name = yandex_cdn_origin_group.my_group.name
  options {
    custom_host_header     = "${var.domain}.website.yandexcloud.net"
    redirect_http_to_https = true
  }
  ssl_certificate {
    type                   = "certificate_manager"
    certificate_manager_id = data.yandex_cm_certificate.example_by_id.id
  }
}

yc-cdn-hosting.auto.tfvars user data file:

yc-cdn-hosting.auto.tfvars

folder_id = "<folder_ID>"
domain    = "<domain_name>"
cert_id   = "<TLS_certificate_ID>"

Learn more about the properties of Terraform resources in the relevant provider guides:

TLS certificate: yandex_cm_certificate data source.
Bucket: yandex_storage_bucket.
Configuring access permissions for a bucket using ACL Object Storage: yandex_storage_bucket_grant.
Object: yandex_storage_object.
DNS zone: yandex_dns_zone.
DNS resource record: yandex_dns_recordset.
CDN resource: yandex_cdn_resource.
Origin group: yandex_cdn_origin_group.

In the yc-cdn-hosting.auto.tfvars file, set the following user-defined properties:
- folder_id: Folder ID.
- domain: Primary domain name, e.g., example.com.
  To use domain names in the public DNS zone, you need to delegate it to authoritative name servers. Specify ns1.yandexcloud.net and ns2.yandexcloud.net server addresses in your registrar's account settings.
- cert_id: Certificate Manager TLS certificate ID, with domain ownership verified.
Create the resources:
1. In the terminal, go to the directory where you edited the configuration file.
2. Make sure the configuration file is correct using this command:
```
terraform validate
```
  If the configuration is correct, you will get this message:
```
Success! The configuration is valid.
```
3. Run this command:
```
terraform plan
```
  You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
4. Apply the changes:
```
terraform apply
```
5. Type yes and press Enter to confirm the changes.

Warning

After the CDN resource is set up, it may take up to 15 minutes for it to go live.

Make sure the new CDN resource is fully functional before proceeding with the next steps.

Test the CDN

Wait for the DNS records to get updated (this may take several hours).

Check if the website is accessible: use the new URL, cdn.example.com, to open it. You should be redirected to the https://cdn.example.com website with a TLS certificate from Certificate Manager already connected and content sourced from Cloud CDN.

How to delete the resources you created

To stop paying for the resources you created:

Open the yc-cdn-hosting.tf file and delete your infrastructure description from it.
Apply the changes:
1. In the terminal, go to the directory where you edited the configuration file.
2. Make sure the configuration file is correct using this command:
```
terraform validate
```
  If the configuration is correct, you will get this message:
```
Success! The configuration is valid.
```
3. Run this command:
```
terraform plan
```
  You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.
4. Apply the changes:
```
terraform apply
```
5. Type yes and press Enter to confirm the changes.

Setting up static website hosting in a Yandex Object Storage bucket with Yandex Cloud CDN access using Terraform

Get your cloud ready

Required paid resources

Add a certificate to Certificate Manager

Create your infrastructure

Test the CDN

How to delete the resources you created

See also

Was the article helpful?

Setting up static website hosting in a Yandex Object Storage bucket with Yandex Cloud CDN access using Terraform

Get your cloud readyGet your cloud ready

Required paid resourcesRequired paid resources

Add a certificate to Certificate ManagerAdd a certificate to Certificate Manager

Create your infrastructureCreate your infrastructure

Test the CDNTest the CDN

How to delete the resources you createdHow to delete the resources you created

See alsoSee also

Was the article helpful?

Get your cloud ready

Required paid resources

Add a certificate to Certificate Manager

Create your infrastructure

Test the CDN

How to delete the resources you created

See also