-
Notifications
You must be signed in to change notification settings - Fork 0
/
serverless.yml
141 lines (134 loc) · 4.46 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
service: BabyTrackerUi
custom:
CloudfrontHostedZone: Z2FDTNDATAQYW2
DomainHostedZone: ${env:APP_DOMAIN_HOSTED_ZONE}
Domain: ${env:APP_DOMAIN}
CertificateServiceToken: !Join [':', ['arn:aws:lambda', !Ref AWS::Region, !Ref AWS::AccountId, 'function:binxio-cfn-certificate-provider']]
provider:
name: aws
stage: ${opt:stage, 'dev'}
region: ${opt:region, env:AWS_REGION}
runtime: provided
stackTags:
BillingProject: BabyJournal
BillingSubproject: BabyJournalUi
lambdaHashingVersion: '20201221'
package:
exclude:
- ./**
resources:
Resources:
# Certificates
Certificate:
Type: Custom::Certificate
Properties:
DomainName: ${self:custom.Domain}
ValidationMethod: DNS
Region: us-east-1
ServiceToken: ${self:custom.CertificateServiceToken}
CertificateBlocker:
Type: Custom::IssuedCertificate
DependsOn:
- DnsRecordsCertificateValidation
Properties:
CertificateArn: !Ref Certificate
ServiceToken: ${self:custom.CertificateServiceToken}
CertificateDnsRecord:
Type: Custom::CertificateDNSRecord
Properties:
CertificateArn: !Ref Certificate
DomainName: ${self:custom.Domain}
ServiceToken: ${self:custom.CertificateServiceToken}
DnsRecordsCertificateValidation:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: ${self:custom.DomainHostedZone}
RecordSets:
- Name: !GetAtt CertificateDnsRecord.Name
Type: !GetAtt CertificateDnsRecord.Type
TTL: 60
Weight: 1
SetIdentifier: !Ref Certificate
ResourceRecords:
- !GetAtt CertificateDnsRecord.Value
# DNS
DnsRecords:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: ${self:custom.DomainHostedZone}
RecordSets:
- AliasTarget:
DNSName: !GetAtt WebsiteCDN.DomainName
HostedZoneId: ${self:custom.CloudfrontHostedZone}
Name: ${self:custom.Domain}
Type: A
# Hosting
Website:
Type: AWS::S3::Bucket
Properties:
CorsConfiguration:
CorsRules:
- AllowedHeaders: ["*"]
AllowedMethods: [GET]
AllowedOrigins: ["*"]
WebsiteBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref Website
PolicyDocument:
Statement:
- Effect: Allow
Principal: '*' # everyone
Action: 's3:GetObject' # to read
Resource: !Join ['/', [!GetAtt Website.Arn, '*']] # things in the bucket
# Webserver
WebsiteCDN:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Aliases:
- ${self:custom.Domain}
Enabled: true
PriceClass: PriceClass_100
HttpVersion: http2
DefaultRootObject: index.html
Origins:
- Id: Website
DomainName: !GetAtt Website.RegionalDomainName
S3OriginConfig: {} # this key is required to tell CloudFront that this is an S3 origin, even though nothing is configured
DefaultCacheBehavior:
TargetOriginId: Website
AllowedMethods: [GET, HEAD]
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
Compress: true
CustomErrorResponses:
- ErrorCode: 500
ErrorCachingMinTTL: 0
- ErrorCode: 504
ErrorCachingMinTTL: 0
- ErrorCode: 404
ResponsePagePath: /index.html
ErrorCachingMinTTL: 0
ResponseCode: 200
- ErrorCode: 403
ResponsePagePath: /index.html
ErrorCachingMinTTL: 0
ResponseCode: 200
ViewerCertificate:
AcmCertificateArn: !Ref Certificate
MinimumProtocolVersion: TLSv1.2_2019
SslSupportMethod: sni-only
Outputs:
Bucket:
Description: The name of the website bucket
Value: !Ref Website
Cdn:
Description: The id of the CDN for website
Value: !Ref WebsiteCDN
Url:
Description: The url of the deployed app
Value: https://${self:custom.Domain}