---
# Static-website stack: the Resources section consumes these parameters via
# !Ref. The SAM transform is required for the AWS::Serverless::* resources.
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31

Parameters:
  # Passed through to the Custom::UploadFilesToS3 resource as ContentVersion.
  DeploymentContentVersion:
    Type: String
    Description: "This can be any unique string that identifies the files you are deploying."

  # Route 53 hosted zone used for the alias records and for ACM DNS validation.
  DomainHostedZoneId:
    Type: String
    Description: "The fixed hosted zone id that managed the domain liztoffstudios.com in Route 53"
    Default: "Z0114809RHOK88DM2XYZ"

  # Appended to RootDomain to form the bucket name; empty by default.
  StackNameSuffix:
    Type: String
    Default: ""

  # Apex domain: CloudFront alias, certificate subject and bucket name prefix.
  RootDomain:
    Type: String
    Default: "liztoffstudios.com"

  # Second CloudFront alias; covered by the certificate's wildcard SAN.
  WwwDomain:
    Type: String
    Default: "www.liztoffstudios.com"
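Resources:
  # Bucket
  # NOTE(review): the bucket declares no PublicAccessBlockConfiguration or
  # BucketEncryption, so it depends on the account/S3 defaults. Consider
  # setting both explicitly once it is confirmed that the upload Lambda does
  # not set object ACLs.
  WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${RootDomain}${StackNameSuffix}"

  # Read access is granted only to the CloudFront origin access identity, so
  # objects are reachable through the distribution and not directly from S3.
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WebsiteBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
            Action:
              - s3:GetObject
              # With s3:ListBucket granted, S3 answers a request for a missing
              # key with 404 instead of 403; the 404 CustomErrorResponses entry
              # on the distribution presumably relies on that.
              - s3:ListBucket
            Resource:
              - !Sub "${WebsiteBucket.Arn}/*"
              - !GetAtt WebsiteBucket.Arn

  # Deployment
  S3UploadLambdaLayer:
    Type: AWS::Serverless::LayerVersion
    Properties:
      ContentUri: node_modules/s3-upload-custom-resource-lambda-layer/dist/layer.zip

  # Backs the Custom::UploadFilesToS3 resource below.
  S3UploadLambda:
    Type: AWS::Serverless::Function
    Properties:
      Layers:
        - !Ref S3UploadLambdaLayer
      CodeUri: dist
      Handler: s3-upload-custom-resource.handler
      # 10240 MB is the Lambda maximum.
      # NOTE(review): confirm the upload really needs this much memory.
      MemorySize: 10240
      Timeout: 180
      Runtime: nodejs20.x
      Policies:
        # SAM policy template: object read/write/delete, scoped to this one
        # bucket.
        - S3CrudPolicy:
            BucketName: !Ref WebsiteBucket

  # Changing DeploymentContentVersion updates this resource, which re-invokes
  # the Lambda.
  DeployWebsite:
    Type: Custom::UploadFilesToS3
    Properties:
      ServiceToken: !GetAtt S3UploadLambda.Arn
      BucketName: !Ref WebsiteBucket
      ContentVersion: !Ref DeploymentContentVersion

  # CloudFront
  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        HttpVersion: http2
        PriceClass: PriceClass_100
        DefaultRootObject: "index.html"
        Aliases:
          - !Ref RootDomain
          - !Ref WwwDomain
        Origins:
          - Id: S3
            DomainName: !GetAtt WebsiteBucket.DomainName
            S3OriginConfig:
              # NOTE(review): origin access identities are the legacy
              # mechanism; AWS now recommends origin access control (OAC).
              OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}"
        # Unknown paths get index.html as the body; the status stays 404.
        CustomErrorResponses:
          - ErrorCode: 404
            ResponseCode: 404
            ResponsePagePath: "/index.html"
        DefaultCacheBehavior:
          TargetOriginId: S3
          # Plain-HTTP viewers are redirected; content is served over HTTPS.
          ViewerProtocolPolicy: redirect-to-https
          SmoothStreaming: false
          Compress: true
          # Neither query strings nor cookies are forwarded to the S3 origin.
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
        ViewerCertificate:
          AcmCertificateArn: !Ref DomainWildcardCertificate
          SslSupportMethod: sni-only
          # Was TLSv1.1_2016, which still lets viewers negotiate the
          # deprecated TLS 1.1. TLSv1.2_2021 requires TLS 1.2 or newer.
          MinimumProtocolVersion: TLSv1.2_2021

  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Ref RootDomain

  # Certificate
  # CloudFront only accepts ACM certificates issued in us-east-1, so this stack
  # has to be deployed in that region.
  DomainWildcardCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Ref RootDomain
      SubjectAlternativeNames:
        - !Sub "*.${RootDomain}"
      ValidationMethod: DNS
      # Lets CloudFormation create the DNS validation record in the hosted
      # zone.
      DomainValidationOptions:
        - DomainName: !Ref RootDomain
          HostedZoneId: !Ref DomainHostedZoneId

  # Domain
  RootDomainName:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref DomainHostedZoneId
      Name: !Ref RootDomain
      Type: A
      AliasTarget:
        # Global CloudFront Hosted Zone per
        # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget-1.html
        HostedZoneId: Z2FDTNDATAQYW2
        DNSName: !GetAtt CloudFrontDistribution.DomainName

  # The logical ID spelling ("Wwwm") is kept as-is: renaming a logical ID makes
  # CloudFormation delete and recreate the record.
  WwwmDomainName:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref DomainHostedZoneId
      Name: !Ref WwwDomain
      Type: A
      AliasTarget:
        # Global CloudFront Hosted Zone per
        # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget-1.html
        HostedZoneId: Z2FDTNDATAQYW2
        DNSName: !GetAtt CloudFrontDistribution.DomainName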