diff --git a/doc/tf/bucket.tf b/doc/tf/bucket.tf
index 1d3f32d14..deba16aa8 100644
--- a/doc/tf/bucket.tf
+++ b/doc/tf/bucket.tf
@@ -1,5 +1,5 @@
 resource "aws_s3_bucket" "website" {
- bucket = "entgo.io"
+ bucket = local.domain_name
 acl = "public-read"
 server_side_encryption_configuration {
@@ -22,7 +22,7 @@ data "aws_iam_policy_document" "website" {
 ]
 resources = [
- format("%s/*", aws_s3_bucket.website.arn)
+ "${aws_s3_bucket.website.arn}/*"
 ]
 principals {
@@ -35,4 +35,4 @@ data "aws_iam_policy_document" "website" {
 resource "aws_s3_bucket_policy" "website" {
 bucket = aws_s3_bucket.website.id
 policy = data.aws_iam_policy_document.website.json
-}
\ No newline at end of file
+}
diff --git a/doc/tf/cert.tf b/doc/tf/cert.tf
new file mode 100644
index 000000000..127d229ab
--- /dev/null
+++ b/doc/tf/cert.tf
@@ -0,0 +1,31 @@
+
+resource "aws_acm_certificate" "cert" {
+ domain_name = aws_route53_zone.zone.name
+ validation_method = "DNS"
+
+ subject_alternative_names = [
+ "*.${aws_route53_zone.zone.name}"
+ ]
+
+ tags = {
+ Name = aws_route53_zone.zone.name
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_route53_record" "cert_validation" {
+ name = aws_acm_certificate.cert.domain_validation_options.0.resource_record_name
+ type = aws_acm_certificate.cert.domain_validation_options.0.resource_record_type
+ zone_id = aws_route53_zone.zone.id
+ records = [aws_acm_certificate.cert.domain_validation_options.0.resource_record_value]
+ ttl = 60
+ allow_overwrite = true
+}
+
+resource "aws_acm_certificate_validation" "cert" {
+ certificate_arn = aws_acm_certificate.cert.arn
+ validation_record_fqdns = [aws_route53_record.cert_validation.fqdn]
+}
diff --git a/doc/tf/domain.tf b/doc/tf/domain.tf
new file mode 100644
index 000000000..a5829aa58
--- /dev/null
+++ b/doc/tf/domain.tf
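Review bot: In doc/tf/cert.tf, `aws_route53_record.cert_validation` reads only `domain_validation_options.0`, although the certificate requests two names (the zone apex and the `*.` wildcard SAN), so validation of the second name depends on ACM returning the same CNAME for both, and nothing in the file says so. I would put a comment above the record, `# apex and wildcard SAN validate through one shared CNAME, so a single record is enough`, and keep in mind that index access stops working on AWS provider 3.x, where this attribute is a set and a `for_each` over it is the usual form. `allow_overwrite = true` also lets an apply silently replace an existing record of that name, which deserves its own one-line comment. The wildcard makes the certificate valid for every subdomain of the zone; if only the apex and a known host such as `www` are served, listing those names keeps its scope narrower.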
@@ -0,0 +1,15 @@
+locals {
+ domain_name = "entgo.io"
+}
+
+resource "aws_route53_zone" "zone" {
+ name = local.domain_name
+}
+
+resource "aws_route53_record" "ns" {
+ name = aws_route53_zone.zone.name
+ type = "NS"
+ zone_id = aws_route53_zone.zone.id
+ ttl = 300
+ records = aws_route53_zone.zone.name_servers
+}
diff --git a/doc/tf/main.tf b/doc/tf/main.tf
index 4c0437643..493883a84 100644
--- a/doc/tf/main.tf
+++ b/doc/tf/main.tf
@@ -5,4 +5,6 @@ terraform {
 key = "terraform.tfstate"
 dynamodb_table = "entgo.terraform.lock"
 }
+
+ required_version = "> 0.12"
 }
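Review bot: In doc/tf/domain.tf, `aws_route53_record.ns` declares the apex NS set that Route 53 already creates together with the hosted zone, so a first apply may fail with a record-already-exists error unless the record is imported or `allow_overwrite = true` is set, as the validation record in cert.tf does. If the intent is to keep the delegation set under Terraform control, a comment saying so would help, e.g. `# manages the NS set Route 53 created with the zone`. Since this zone now backs an ACM certificate, a CAA record limiting issuance to the CA in use (`0 issue "amazon.com"` for ACM) would be a reasonable hardening step, provided no other CA issues certificates for the domain.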
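Review bot: `required_version = "> 0.12"` in doc/tf/main.tf is a strict lower bound with no ceiling: as written it excludes 0.12.0 itself and accepts every later release, including ones that change syntax or state handling. A bounded constraint such as `required_version = ">= 0.12.0, < 0.13.0"` states the range that was actually tested and has to be raised deliberately. The `terraform` block opens outside this hunk, so I cannot see whether provider versions are pinned; if they are not, pinning the AWS provider in the same change would keep the `.0` indexing in cert.tf from breaking on an unplanned upgrade.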