template.yml

AWSTemplateFormatVersion: 2010-09-09
Description: Manages domain, CDN, and static website.
Transform: AWS::Serverless-2016-10-31
Parameters:
  DomainName:
    Type: String
  Route53HostedZoneId:
    Type: String
Resources:
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref DomainName
          HostedZoneId: !Ref Route53HostedZoneId
      DomainName: !Ref DomainName
  Domain:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref Route53HostedZoneId
      Name: !Ref DomainName
      Type: A
      AliasTarget:
        HostedZoneId: Z2FDTNDATAQYW2
        DNSName: !GetAtt
          - CDN
          - DomainName
  CDN:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        DefaultCacheBehavior:
          TargetOriginId: !Sub
            - "${Input}_target_origin_id"
            - { Input: !Ref DomainName }
          ViewerProtocolPolicy: redirect-to-https
          ForwardedValues:
            QueryString: true
        Origins:
          - DomainName: !Select [ 1, !Split [ "//" , !GetAtt Website.WebsiteURL ] ]
            CustomOriginConfig:
              OriginProtocolPolicy: http-only
            Id: !Sub
              - "${Input}_target_origin_id"
              - { Input: !Ref DomainName }
        Enabled: true
        ViewerCertificate:
          AcmCertificateArn: !Ref Certificate
          MinimumProtocolVersion: TLSv1
          SslSupportMethod: sni-only

  CDNIdentity:
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub "${DomainName}"

  Website:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: index.html
  WebsiteAccessPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref Website
      PolicyDocument:
        Statement:
          - Action: s3:GetObject
            Effect: Allow
            Resource: !Sub "${Website.Arn}/*"
            Principal: '*'

Outputs:
  WebsiteURL:
    Value: !Sub "https://${DomainName}"
  WebsiteBucket:
    Description: Contains static assets of website.
    Value: !Ref Website
  BucketARN:
    Value: !GetAtt Website.Arn
  DistributionID:
    Value: !Ref CDN
    Description: CloudFront distribution id that servers files from the website.