s3.website.cfn.yaml
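AWSTemplateFormatVersion: '2010-09-09'
Description: 'FunderburgFinishes.com - Static website hosting with S3 and CloudFront'

# Static site stack: a private S3 bucket that only a CloudFront origin access
# identity (OAI) may read, a CloudFront distribution in front of it with an
# ACM certificate, Route 53 alias records for the apex and www names, and an
# IAM user whose managed policy is scoped to that single bucket for deploys.

Parameters:
  DefaultRootObject:
    Description: 'The default path for the index document.'
    Type: String
    Default: 'index.html'
  ErrorPagePath:
    Description: 'The path of the error page for the website.'
    Type: String
    Default: '/errors/404'
  HostedZoneID:
    Description: 'The ID of your hosted zone in Route 53'
    Type: 'AWS::Route53::HostedZone::Id'
    Default: 'Z0397920154LOXKTT6Q16'
  DomainName:
    # Label only: the template appends '.com' itself when it builds the
    # distribution aliases and the Route 53 record names below.
    Description: 'The registered domain name for the site'
    Type: String
    Default: 'funderburgfinishes'
  AcmCertificateArn:
    # Was hard-coded in ViewerCertificate; the default keeps existing stacks
    # unchanged. CloudFront only accepts certificates issued in us-east-1.
    Description: 'ARN of the ACM certificate (us-east-1) used by the CloudFront distribution'
    Type: String
    Default: 'arn:aws:acm:us-east-1:812212307632:certificate/699a2b86-883c-409b-87e7-ddbed4475093'

Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    # Retain on delete/replace so site content survives a stack teardown.
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Sub '${DomainName}-bucket'
      # The only reader is the OAI canonical user granted in ReadPolicy, so
      # blocking public access does not affect serving; it prevents the
      # deployer's s3:* below from ever making the bucket or objects public.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  CloudFrontOriginAccessIdentity:
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Ref S3Bucket

  # Bucket policy: objects are readable only by the OAI, not by the public.
  ReadPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        # Explicit policy-language version, consistent with the IAM policy
        # further down (omitting it falls back to the legacy 2008 grammar).
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: 's3:GetObject'
            Resource: !Sub 'arn:aws:s3:::${S3Bucket}/*'
            Principal:
              CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId

  CloudFrontDistribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        Aliases:
          - !Sub '${DomainName}.com'
          - !Sub 'www.${DomainName}.com'
        CustomErrorResponses:
          # With an OAI and no s3:ListBucket grant, S3 answers a missing key
          # with 403, so 403 is surfaced to visitors as the 404 page.
          - ErrorCode: 403
            ResponseCode: 404
            ResponsePagePath: !Ref ErrorPagePath
        DefaultRootObject: !Ref DefaultRootObject
        Enabled: true
        HttpVersion: http2
        Origins:
          # NOTE(review): for buckets outside us-east-1, the bucket's
          # RegionalDomainName attribute is generally preferred as the origin
          # to avoid redirect errors right after creation - verify before changing.
          - DomainName: !GetAtt 'S3Bucket.DomainName'
            Id: s3origin
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}'
        PriceClass: 'PriceClass_100'
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          CachedMethods:
            - GET
            - HEAD
            - OPTIONS
          Compress: true
          DefaultTTL: 3600  # in seconds
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          MaxTTL: 86400  # in seconds
          MinTTL: 60  # in seconds
          TargetOriginId: s3origin
          # Plain-HTTP requests are redirected rather than served.
          ViewerProtocolPolicy: 'redirect-to-https'
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          # NOTE(review): newer TLSv1.2_2021 policy is available; raising it
          # drops older cipher suites, so confirm client compatibility first.
          MinimumProtocolVersion: TLSv1.2_2018
          SslSupportMethod: sni-only

  # Apex record -> CloudFront distribution.
  Route53Record:
    Type: 'AWS::Route53::RecordSet'
    Properties:
      HostedZoneId: !Ref HostedZoneID
      Name: !Sub '${DomainName}.com'
      Type: A
      AliasTarget:
        HostedZoneId: Z2FDTNDATAQYW2  # This Zone ID is used for any CloudFront Distribution
        DNSName: !GetAtt 'CloudFrontDistribution.DomainName'

  # www record -> the same distribution (it is listed in Aliases above).
  AdtlRoute53Record:
    Type: 'AWS::Route53::RecordSet'
    Properties:
      HostedZoneId: !Ref HostedZoneID
      Name: !Sub 'www.${DomainName}.com'
      Type: A
      AliasTarget:
        HostedZoneId: Z2FDTNDATAQYW2  # This Zone ID is used for any CloudFront Distribution
        DNSName: !GetAtt 'CloudFrontDistribution.DomainName'

  # Deployment policy: full access to this one bucket and its objects, minus
  # bucket deletion. Attached only to DeploymentIamUser below.
  DeploymentIamManagedPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # 's3:*' still covers bucket-configuration actions (policy, ACL,
          # public access block); narrow it to the actions the deploy tooling
          # actually needs once those are known.
          - Effect: Allow
            Action:
              - 's3:*'
            Resource:
              - !GetAtt S3Bucket.Arn
              - !Sub '${S3Bucket.Arn}/*'
          # An explicit Deny overrides the Allow above, so a leaked deployer
          # key cannot remove the bucket (or other DeleteBucket* targets).
          - Effect: Deny
            Action:
              - 's3:DeleteBucket*'
            Resource:
              - !GetAtt S3Bucket.Arn

  # No access key is created in this template; credentials are issued
  # out of band and should be rotated like any long-lived IAM user key.
  DeploymentIamUser:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: !Sub '${DomainName}-deployer'
      ManagedPolicyArns:
        - !Ref DeploymentIamManagedPolicy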