serverless.cdn.yml

service: estate-id-api-cdn
frameworkVersion: '2'

provider:
  name: aws
  lambdaHashingVersion: 20201221
  stage: dev
  region: ap-northeast-1

custom:
  stage: ${opt:stage, self:provider.stage}
  commentStackLabel: '[cf:${self:service}-${self:custom.stage}]'
  LogBucketNamePrefix: etate-id-distribution-logs-${self:custom.stage}

resources:
  Outputs:
    BackendCDNEndpoint:
      Value:
        Fn::Join:
          - ''
          - - 'https://'
            - Fn::GetAtt: [ BackendCDNDistribution, DomainName ]
            - '/v1'
    FrontendDistributionLogBucket:
      Value:
        Fn::GetAtt: [ FrontendDistributionLogBucket, DomainName ]
    BackendDistributionLogBucket:
      Value:
        Fn::GetAtt: [ BackendDistributionLogBucket, DomainName ]

  Resources:
    BackendCDNDistribution:
      Type: AWS::CloudFront::Distribution
      DependsOn:
        - BackendDistributionLogBucket
      Properties:
        DistributionConfig:
          Origins:
            - Id: ipc-verification-api
              DomainName: ${env:INCREMENTP_VERIFICATION_API_HOST}
              CustomOriginConfig:
                HTTPSPort: 443
                OriginProtocolPolicy: "https-only"
                OriginReadTimeout: 30
                OriginKeepaliveTimeout: 5
          # --- End Origins ---
          DefaultCacheBehavior:
            TargetOriginId: ipc-verification-api
            ForwardedValues:
              QueryString: true
              Cookies:
                Forward: none
              Headers:
                - 'x-api-key'
              QueryStringCacheKeys:
                - 'geocode'
            MinTTL: 86400
            DefaultTTL: 86400
            MaxTTL: 86400
            ViewerProtocolPolicy: redirect-to-https
          # --- END DefaultCacheBehavior ---
          Comment:
            Fn::Join:
              - ''
              - - ${self:custom.commentStackLabel}
                - 'Estate ID Backend CDN to cache ipc request.'
          Enabled: true
          Logging:
            Bucket: !GetAtt BackendDistributionLogBucket.DomainName
            IncludeCookies: false

    FrontendDistributionLogBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.LogBucketNamePrefix}-frontend
        AccessControl: Private

    BackendDistributionLogBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.LogBucketNamePrefix}-backend
        AccessControl: Private