-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudformation.yaml
137 lines (136 loc) · 4.25 KB
/
cloudformation.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
AWSTemplateFormatVersion : "2010-09-09"
Description : "A Cloudformation template for generating static site hosting using S3, Cloud Front, ACM, and R53"
Parameters:
DomainName:
Description: "The domain name of a hosted zone within Route 53. Will be used for the website you're deploying."
AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
ConstraintDescription: "Must be a valid domain name (e.g. example.com)."
Type: String
Resources:
SiteBucket:
Type: "AWS::S3::Bucket"
DependsOn: LogBucket
Properties:
AccessControl: "PublicRead"
BucketName: !Join [ '-', [!Ref DomainName, "cdn"]]
WebsiteConfiguration:
ErrorDocument: "404.html"
IndexDocument: "index.html"
LoggingConfiguration:
DestinationBucketName: !Join [ '-', [!Ref DomainName, "log"]]
LogFilePrefix: !Ref DomainName
Tags:
- Key: "static-site"
Value: !Ref DomainName
DeletionPolicy: Retain
SiteBucketPolicy:
Type: "AWS::S3::BucketPolicy"
Properties:
PolicyDocument:
Id: !Join [ '-', [!Ref DomainName, "policy"]]
Version: "2012-10-17"
Statement:
- Sid: "PublicReadForGetBucketObjects"
Effect: "Allow"
Principal: "*"
Action: "s3:GetObject"
Resource: !Join [ '', ["arn:aws:s3:::", !Ref SiteBucket, "/*"]]
Bucket: !Ref SiteBucket
LogBucket:
Type: "AWS::S3::Bucket"
Properties:
AccessControl: LogDeliveryWrite
BucketName: !Join [ '-', [!Ref DomainName, "log"]]
Tags:
- Key: "static-site"
Value: !Ref DomainName
DeletionPolicy: Retain
TLSCert:
Type: "AWS::CertificateManager::Certificate"
Properties:
DomainName: !Ref DomainName
SubjectAlternativeNames:
- !Sub
- "www.${Domain}"
- { Domain: !Ref DomainName }
Tags:
- Key: "static-site"
Value: !Ref DomainName
CFDistro:
Type: "AWS::CloudFront::Distribution"
Properties:
DistributionConfig:
Aliases:
- !Ref DomainName
- !Sub
- www.${Domain}
- { Domain: !Ref DomainName}
CustomErrorResponses:
- ErrorCode: 403
ResponsePagePath: "/404.html"
ResponseCode: "404"
ErrorCachingMinTTL: 300
- ErrorCode: 404
ResponsePagePath: "/404.html"
ResponseCode: "404"
ErrorCachingMinTTL: 300
DefaultRootObject: "index.html"
DefaultCacheBehavior:
AllowedMethods:
- "GET"
- "HEAD"
CachedMethods:
- "GET"
- "HEAD"
Compress: true
DefaultTTL: 1800
MaxTTL: 2000
MinTTL: 300
TargetOriginId: "site-bucket-origin"
ViewerProtocolPolicy: "redirect-to-https"
ForwardedValues:
Cookies:
Forward: "all"
QueryString: true
Enabled: true
PriceClass: PriceClass_100
ViewerCertificate:
SslSupportMethod: "sni-only"
AcmCertificateArn: !Ref TLSCert
MinimumProtocolVersion: "TLSv1"
Origins:
- CustomOriginConfig:
HTTPPort: "80"
HTTPPort: "443"
OriginProtocolPolicy: "http-only"
OriginSSLProtocols:
- "TLSv1"
- "TLSv1.1"
- "TLSv1.2"
DomainName: !Select [1, !Split ["//", !GetAtt SiteBucket.WebsiteURL]]
Id: "site-bucket-origin"
Logging:
Bucket: !GetAtt LogBucket.DomainName
Prefix: "cloud-front"
Tags:
- Key: "static-site"
Value: !Ref DomainName
MyRecordSetGroup:
Type: "AWS::Route53::RecordSetGroup"
Properties:
Comment: "Record set group for static site domain"
HostedZoneName: !Join [ '', [!Ref DomainName, '.']]
RecordSets:
- AliasTarget:
DNSName: !GetAtt CFDistro.DomainName
EvaluateTargetHealth: false
HostedZoneId: Z2FDTNDATAQYW2
Type: "A"
Name: !Ref DomainName
- ResourceRecords:
- !GetAtt CFDistro.DomainName
Type: "CNAME"
Name: !Sub
- www.${Domain}
- { Domain: !Ref DomainName }
TTL: 300