AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: SAM configuration for cloudfront-auth function Resources: CloudFrontAuthFunction: Type: AWS::Serverless::Function Properties: CodeUri: distributions/{distribution_name}/{distribution_name}.zip Role: !GetAtt LambdaEdgeFunctionRole.Arn Runtime: nodejs10.x Handler: index.handler Timeout: 5 AutoPublishAlias: LIVE LambdaEdgeFunctionRole: Type: "AWS::IAM::Role" Properties: Path: "/" ManagedPolicyArns: - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Sid: "AllowLambdaServiceToAssumeRole" Effect: "Allow" Action: - "sts:AssumeRole" Principal: Service: - "lambda.amazonaws.com" - "edgelambda.amazonaws.com" Outputs: CloudFrontAuthFunction: Description: Lambda@Edge CloudFront Auth Function ARN Value: !GetAtt CloudFrontAuthFunction.Arn CloudFrontAuthFunctionVersion: Description: Lambda@Edge CloudFront Auth Function ARN with Version Value: !Ref CloudFrontAuthFunction.Version