diff --git a/route53-alb-s3/README.md b/route53-alb-s3/README.md
new file mode 100644
index 000000000..ad310beb5
--- /dev/null
+++ b/route53-alb-s3/README.md
@@ -0,0 +1,79 @@
+# Internal static website hosting using Amazon Route53, Application Load Balancer and Amazon S3
+
+This pattern deploys a framework to host an internal static website on Amazon S3 bucket that can only be accessed from private network.
+
+Learn more about this pattern at Serverless Land Patterns: [https://serverlessland.com/patterns/route53-alb-s3](https://serverlessland.com/patterns/route53-alb-s3)
+
+**Important:** this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [AWS Serverless Application Model](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install.html) (AWS SAM) installed
+
+## Deployment Instructions
+
+1. From the command line, use AWS SAM to deploy the AWS resources for the pattern as specified in the template.yml file:
+ ```
+ sam deploy --guided
+ ```
+2. During the prompts:
+ * Enter a stack name
+ * Enter the desired AWS Region e.g. us-east-1
+ * Enter PrivateWebsiteDomainName e.g. hello-world.example.com
+ * Allow SAM CLI to create IAM roles with the required permissions
+ * Leave all other options to default values
+
+ Once you have run `sam deploy --guided` mode once and saved arguments to a configuration file (samconfig.toml), you can use `sam deploy` in future to use these defaults.
+
+3. Note the outputs from the SAM deployment process. These contain the resource names and/or ARNs which are used for testing.
+
+4. From the command line, run the below command to upload the `index.html` to the S3 bucket. Replace `{WebsiteBucket}` with the corresponding output value of the `sam deploy` command.
+ ```
+ aws s3 cp index.html s3://{WebsiteBucket}
+ ```
+
+## How it works
+
+Please refer to the architecture diagram below:
+
+
+
+This template deploys a Route53 hosted zone, an Application Load Balancer (ALB), a VPC Endpoint and a S3 bucket. The private website URL will be exposed via the Route 53 private hosted zone. This URL is accessible from within the VPC.
+
+## Testing
+
+1. [Create a CloudShell VPC environment](https://docs.aws.amazon.com/cloudshell/latest/userguide/creating-vpc-environment.html). Enter the following values:
+ * Name - enter your preferred environment name.
+ * VPC - `VPCId` from the `sam deploy` output.
+ * Subnet - Select any of the two available subnets under the above VPC.
+ * Security - `ALBSecurityGroup` from the `sam deploy` output.
+
+2. From the CloudShell command prompt run the following command to access your private website. Replace `{PrivateWebsiteUrl}` with the corresponding output value of the `sam deploy` command:
+ ```
+ curl -k -L {PrivateWebsiteUrl}
+ ```
+ - The `curl` command makes an HTTP GET request to the deployed private website.
+ - `-k` option allows curl to ignore that the certificate is issued by a private certificate authority and proceed with making the invocation.
+ - `-L` option tells curl to follow any HTTP redirects that the server sends. If the server responds with a 3xx HTTP status code and provides a new URL, curl will automatically issue a new request to the new URL.
+
+3. You can also test by spinning up an EC2 instance within the same VPC or from another location that has private connectivity to the VPC. However, if you try to access the URL from outside network, it will not be reachable.
+
+## Cleanup
+
+1. Delete the contents of the S3 bucket. Make sure to use the correct bucket name.
+ ```bash
+ aws s3 rm s3://{WebsiteBucket} --recursive
+ ```
+2. Delete the CloudShell environment created in the VPC.
+3. Delete the stack
+ ```bash
+ sam delete
+ ```
+
+----
+Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0
diff --git a/route53-alb-s3/architecture.png b/route53-alb-s3/architecture.png
new file mode 100644
index 000000000..149b4890e
Binary files /dev/null and b/route53-alb-s3/architecture.png differ
diff --git a/route53-alb-s3/example-pattern.json b/route53-alb-s3/example-pattern.json
new file mode 100644
index 000000000..2afaa0eef
--- /dev/null
+++ b/route53-alb-s3/example-pattern.json
@@ -0,0 +1,66 @@
+{
+ "title": "Internal static website hosting using Amazon Route53, ALB and Amazon S3",
+ "description": "This pattern hosts an internal static website on an Amazon S3 bucket that can only be accessed from private network.",
+ "language": "YAML",
+ "level": "200",
+ "framework": "SAM",
+ "introBox": {
+ "headline": "How it works",
+ "text": [
+ "This template deploys a Route53 hosted zone, an Application Load Balancer (ALB), a VPC Endpoint and a S3 bucket.",
+ "The private website URL will be exposed via the Route 53 private hosted zone. This URL is accessible from within the VPC."
+ ]
+ },
+ "gitHub": {
+ "template": {
+ "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/route53-alb-s3",
+ "templateURL": "serverless-patterns/route53-alb-s3",
+ "projectFolder": "route53-alb-s3",
+ "templateFile": "template.yaml"
+ }
+ },
+ "resources": {
+ "bullets": [
+ {
+ "text": "Hosting Internal HTTPS Static Websites with ALB, S3, and PrivateLink",
+ "link": "https://aws.amazon.com/blogs/networking-and-content-delivery/hosting-internal-https-static-websites-with-alb-s3-and-privatelink/"
+ },
+ {
+ "text": "AWS PrivateLink for Amazon S3",
+ "link": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html"
+ }
+ ]
+ },
+ "deploy": {
+ "text": [
+ "sam build",
+ "sam deploy --guided"
+ ]
+ },
+ "testing": {
+ "text": [
+ "See the GitHub repo for detailed testing instructions."
+ ]
+ },
+ "cleanup": {
+ "text": [
+ "Delete the content of the S3 bucket: aws s3 rm s3://{WebsiteBucket} --recursive",
+ "Delete the stack: sam delete.",
+ "Delete the newly created CloudShell environment."
+ ]
+ },
+ "authors": [
+ {
+ "name": "Biswanath Mukherjee",
+ "image": "https://d1rwvjey2iif32.cloudfront.net",
+ "bio": "I am a Sr. Solutions Architect working at AWS India.",
+ "linkedin": "biswanathmukherjee"
+ },
+ {
+ "name": "Rakshith Rao",
+ "image": "https://rao.sh/assets/img/profile_pic.png",
+ "bio": "I am a Senior Solutions Architect at AWS and help our strategic customers build and operate their key workloads on AWS.",
+ "linkedin": "rakshithrao"
+ }
+ ]
+}
diff --git a/route53-alb-s3/index.html b/route53-alb-s3/index.html
new file mode 100644
index 000000000..9b6c9a89a
--- /dev/null
+++ b/route53-alb-s3/index.html
@@ -0,0 +1,33 @@
+
+
+
+
+ Sample Website
+
+
+
+
+
Hello World!
+
+
+
+
diff --git a/route53-alb-s3/route53-alb-s3.json b/route53-alb-s3/route53-alb-s3.json
new file mode 100644
index 000000000..cef10b804
--- /dev/null
+++ b/route53-alb-s3/route53-alb-s3.json
@@ -0,0 +1,96 @@
+{
+ "title": "Internal static website hosting using Amazon Route53, ALB and Amazon S3",
+ "description": "This pattern hosts an internal static website on an Amazon S3 bucket that can only be accessed from private network.",
+ "language": "YAML",
+ "level": "200",
+ "framework": "SAM",
+ "introBox": {
+ "headline": "How it works",
+ "text": [
+ "This template deploys a Route53 hosted zone, an Application Load Balancer (ALB), a VPC Endpoint and a S3 bucket.",
+ "The private website URL will be exposed via the Route 53 private hosted zone. This URL is accessible from within the VPC."
+ ]
+ },
+ "gitHub": {
+ "template": {
+ "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/route53-alb-s3",
+ "templateURL": "serverless-patterns/route53-alb-s3",
+ "projectFolder": "route53-alb-s3",
+ "templateFile": "template.yaml"
+ }
+ },
+ "resources": {
+ "bullets": [
+ {
+ "text": "Hosting Internal HTTPS Static Websites with ALB, S3, and PrivateLink",
+ "link": "https://aws.amazon.com/blogs/networking-and-content-delivery/hosting-internal-https-static-websites-with-alb-s3-and-privatelink/"
+ },
+ {
+ "text": "AWS PrivateLink for Amazon S3",
+ "link": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html"
+ }
+ ]
+ },
+ "deploy": {
+ "text": [
+ "sam build",
+ "sam deploy --guided"
+ ]
+ },
+ "testing": {
+ "text": [
+ "See the GitHub repo for detailed testing instructions."
+ ]
+ },
+ "cleanup": {
+ "text": [
+ "Delete the content of the S3 bucket: aws s3 rm s3://{WebsiteBucket} --recursive",
+ "Delete the stack: sam delete.",
+ "Delete the newly created CloudShell environment."
+ ]
+ },
+ "authors": [
+ {
+ "name": "Biswanath Mukherjee",
+ "image": "https://d1rwvjey2iif32.cloudfront.net",
+ "bio": "I am a Sr. Solutions Architect working at AWS India.",
+ "linkedin": "biswanathmukherjee"
+ },
+ {
+ "name": "Rakshith Rao",
+ "image": "https://rao.sh/assets/img/profile_pic.png",
+ "bio": "I am a Senior Solutions Architect at AWS and help our strategic customers build and operate their key workloads on AWS.",
+ "linkedin": "rakshithrao"
+ }
+ ],
+ "patternArch": {
+ "icon1": {
+ "x": 20,
+ "y": 50,
+ "service": "route53",
+ "label": "Route 53"
+ },
+ "icon2": {
+ "x": 50,
+ "y": 50,
+ "service": "alb",
+ "label": "Application Load Balancer"
+ },
+ "icon3": {
+ "x": 80,
+ "y": 50,
+ "service": "s3",
+ "label": "S3 bucket"
+ },
+ "line1": {
+ "from": "icon1",
+ "to": "icon2",
+ "label": ""
+ },
+ "line2": {
+ "from": "icon2",
+ "to": "icon3",
+ "label": ""
+ }
+ }
+}
diff --git a/route53-alb-s3/template.yaml b/route53-alb-s3/template.yaml
new file mode 100644
index 000000000..6c99edab6
--- /dev/null
+++ b/route53-alb-s3/template.yaml
@@ -0,0 +1,383 @@
+AWSTemplateFormatVersion: 2010-09-09
+Transform: AWS::Serverless-2016-10-31
+Description: This template deploys infrastructure for a private website.
+
+Parameters:
+ PrivateWebsiteDomainName:
+ Type: String
+ Description: The name of the domain for the private website. This will also be the name of the S3 bucket that will created and therefore needs to be unique globally.
+
+Resources:
+ VPC:
+ Type: AWS::EC2::VPC
+ Properties:
+ CidrBlock: 10.0.0.0/16
+ EnableDnsHostnames: true
+ EnableDnsSupport: true
+ Tags:
+ - Key: Name
+ Value: private-website-vpc
+
+ PrivateSubnet1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ VpcId: !Ref VPC
+ CidrBlock: 10.0.2.0/24
+ AvailabilityZone: !Select [0, !GetAZs '']
+
+ PrivateSubnet2:
+ Type: AWS::EC2::Subnet
+ Properties:
+ VpcId: !Ref VPC
+ CidrBlock: 10.0.3.0/24
+ AvailabilityZone: !Select [1, !GetAZs '']
+
+ # Private Application Load balancer
+ ApplicationLoadBalancer:
+ Type: AWS::ElasticLoadBalancingV2::LoadBalancer
+ Properties:
+ Type: application
+ Scheme: internal
+ Subnets:
+ - !Ref PrivateSubnet1
+ - !Ref PrivateSubnet2
+ SecurityGroups:
+ - !Ref ALBSecurityGroup
+ ApplicationLoadBalancerListener:
+ Type: AWS::ElasticLoadBalancingV2::Listener
+ Properties:
+ DefaultActions:
+ - Type: forward
+ TargetGroupArn: !Ref ApplicationLoadBalancerTargetGroup
+ LoadBalancerArn: !Ref ApplicationLoadBalancer
+ Port: 443
+ Protocol: HTTPS
+ Certificates:
+ - CertificateArn: !Ref Certificate
+ SslPolicy: ELBSecurityPolicy-TLS-1-2-2017-01
+ ApplicationLoadBalancerListenerRule:
+ Type: AWS::ElasticLoadBalancingV2::ListenerRule
+ Properties:
+ Actions:
+ # Redirect to URL
+ - Type: redirect
+ RedirectConfig:
+ Host: "#{host}"
+ Path: "/#{path}index.html"
+ Port: "443"
+ Protocol: "HTTPS"
+ Query: "#{query}"
+ StatusCode: HTTP_301
+ Conditions:
+ - Field: path-pattern
+ Values:
+ - "*/"
+ ListenerArn: !Ref ApplicationLoadBalancerListener
+ Priority: 1
+ ApplicationLoadBalancerTargetGroup:
+ Type: AWS::ElasticLoadBalancingV2::TargetGroup
+ Properties:
+ HealthCheckIntervalSeconds: 6
+ HealthCheckPath: /
+ HealthCheckProtocol: HTTP
+ HealthCheckTimeoutSeconds: 5
+ HealthyThresholdCount: 2
+ Matcher:
+ HttpCode: "307,405"
+ Port: 443
+ Protocol: HTTPS
+ TargetType: ip
+ Targets:
+ - Id: !Select [0, !GetAtt VPCEndpointPrivateIPs.PrivateIps]
+ - Id: !Select [1, !GetAtt VPCEndpointPrivateIPs.PrivateIps]
+ UnhealthyThresholdCount: 2
+ VpcId: !Ref VPC
+ ALBSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Allow incoming HTTP traffic
+ VpcId: !Ref VPC
+ SecurityGroupIngress:
+ - CidrIp: 0.0.0.0/0
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ - CidrIpv6: ::/0
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ Tags:
+ - Key: Name
+ Value: alb-sg
+
+ # Private Route 53 for the internal domain
+ PrivateHostedZone:
+ Type: AWS::Route53::HostedZone
+ Properties:
+ Name: !Ref PrivateWebsiteDomainName
+ VPCs:
+ - VPCId: !Ref VPC
+ VPCRegion: !Ref AWS::Region
+ HostedZoneConfig:
+ Comment: Config for my hosted zone
+ PrivateDNSRecord:
+ Type: AWS::Route53::RecordSet
+ Properties:
+ Name: !Ref PrivateWebsiteDomainName
+ Type: A
+ HostedZoneId: !Ref PrivateHostedZone
+ AliasTarget:
+ DNSName: !GetAtt ApplicationLoadBalancer.DNSName
+ HostedZoneId: !GetAtt ApplicationLoadBalancer.CanonicalHostedZoneID
+
+ # S3 bucket to host the static website
+ S3Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ BucketName: !Ref PrivateWebsiteDomainName
+ BucketEncryption:
+ ServerSideEncryptionConfiguration:
+ - ServerSideEncryptionByDefault:
+ SSEAlgorithm: AES256
+ PublicAccessBlockConfiguration:
+ BlockPublicAcls: true
+ BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
+ S3BucketPolicy:
+ Type: AWS::S3::BucketPolicy
+ Properties:
+ Bucket: !Ref S3Bucket
+ PolicyDocument:
+ Version: "2012-10-17"
+ Id: PolicyForVPCEndpoint
+ Statement:
+ - Sid: AllowGetObjectFromVPCEndpoint
+ Effect: Allow
+ Principal: "*"
+ Action: "s3:GetObject"
+ Resource:
+ - !GetAtt S3Bucket.Arn
+ - !Sub "${S3Bucket.Arn}/*"
+ Condition:
+ StringEquals:
+ "aws:sourceVpce": !Ref VPCEndpointS3
+
+ # Create VPC Interface Endpoint for S3
+ VPCEndpointS3:
+ Type: AWS::EC2::VPCEndpoint
+ Properties:
+ ServiceName: !Sub "com.amazonaws.${AWS::Region}.s3"
+ VpcEndpointType: Interface
+ VpcId: !Ref VPC
+ SubnetIds:
+ - !Ref PrivateSubnet1
+ - !Ref PrivateSubnet2
+ SecurityGroupIds:
+ - !Ref VPCEndpointSecurityGroup
+ PolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal: "*"
+ Action:
+ - "s3:GetObject"
+ - "s3:ListBucket"
+ Resource:
+ - !GetAtt S3Bucket.Arn
+ - !Sub "${S3Bucket.Arn}/*"
+ VPCEndpointSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Allow incoming HTTPS traffic from VPC Endpoint
+ VpcId: !Ref VPC
+ SecurityGroupIngress:
+ - SourceSecurityGroupId: !GetAtt ALBSecurityGroup.GroupId
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ Description: Allow incoming HTTPS traffic from ALB Security Group
+ - CidrIpv6: ::/0
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+ Description: Allow incoming HTTPS traffic from ALB Security Group
+ Tags:
+ - Key: Name
+ Value: vpc-ep-sg
+
+ # Lambda backed custom resource to get the IPs of the VPC endpoint
+ VPCEndpointPrivateIPs:
+ Type: Custom::VPCEndpointPrivateIPs
+ DependsOn: VPCEndpointS3
+ Properties:
+ ServiceToken: !GetAtt LambdaFunction.Arn
+ NetworkInterfaceIds: !GetAtt VPCEndpointS3.NetworkInterfaceIds
+ LambdaFunction:
+ Type: AWS::Lambda::Function
+ Properties:
+ Code:
+ ZipFile: |
+ import boto3
+ import cfnresponse
+
+ ec2 = boto3.client('ec2')
+
+ def get_private_ips(network_interface_ids):
+ private_ips = []
+ for network_interface_id in network_interface_ids:
+ response = ec2.describe_network_interfaces(NetworkInterfaceIds=[network_interface_id])
+ private_ips.append(response['NetworkInterfaces'][0]['PrivateIpAddress'])
+ return private_ips
+
+ def handler(event, context):
+ try:
+ print(f"Event: {event}")
+ if event['RequestType'] == 'Delete':
+ cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, "")
+
+ # Extract the network interface IDs from the event
+ network_interface_ids = event['ResourceProperties']['NetworkInterfaceIds']
+
+ # Retrieve private IP addresses from network interfaces
+ private_ips = get_private_ips(network_interface_ids)
+
+ # Return the private IP addresses of the VPC endpoint to CloudFormation
+ cfnresponse.send(event, context, cfnresponse.SUCCESS, {
+ 'PrivateIps': private_ips
+ }, f"Private IPs of the VPCE extracted - {', '.join(private_ips)}")
+ except Exception as e:
+ cfnresponse.send(event, context, cfnresponse.FAILED, {}, str(e))
+ Handler: index.handler
+ Runtime: python3.12
+ Role: !GetAtt LambdaExecutionRole.Arn
+ LambdaExecutionRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - lambda.amazonaws.com
+ Action:
+ - 'sts:AssumeRole'
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+ Policies:
+ - PolicyName: VPCEndpointPrivateIPsPolicy
+ PolicyDocument:
+ Version: '2012-10-17'
+ Statement:
+ - Effect: Allow
+ Action:
+ - 'ec2:DescribeNetworkInterfaces'
+ Resource: '*'
+
+ # Private Certificate
+ RootCA:
+ Type: AWS::ACMPCA::CertificateAuthority
+ Properties:
+ Type: ROOT
+ KeyAlgorithm: RSA_2048
+ SigningAlgorithm: SHA256WITHRSA
+ Subject:
+ Country: US
+ Organization: Example Inc.
+ CommonName: Example Root CA 1
+ RevocationConfiguration:
+ CrlConfiguration:
+ Enabled: false
+ RootCACertificate:
+ Type: AWS::ACMPCA::Certificate
+ Properties:
+ CertificateAuthorityArn: !Ref RootCA
+ CertificateSigningRequest: !GetAtt RootCA.CertificateSigningRequest
+ SigningAlgorithm: SHA256WITHRSA
+ TemplateArn: arn:aws:acm-pca:::template/RootCACertificate/V1
+ Validity:
+ Type: DAYS
+ Value: 730
+ RootCAActivation:
+ Type: AWS::ACMPCA::CertificateAuthorityActivation
+ Properties:
+ CertificateAuthorityArn: !Ref RootCA
+ Certificate: !GetAtt RootCACertificate.Certificate
+ Status: ACTIVE
+ RootCAPermission:
+ Type: AWS::ACMPCA::Permission
+ Properties:
+ Actions:
+ - IssueCertificate
+ - GetCertificate
+ - ListPermissions
+ CertificateAuthorityArn: !Ref RootCA
+ Principal: acm.amazonaws.com
+ SubordinateCA:
+ Type: AWS::ACMPCA::CertificateAuthority
+ Properties:
+ Type: SUBORDINATE
+ KeyAlgorithm: RSA_2048
+ SigningAlgorithm: SHA256WITHRSA
+ Subject:
+ Country: US
+ Organization: Example Inc.
+ CommonName: Example Subordinate CA
+ RevocationConfiguration: {}
+ Tags: []
+ SubordinateCACACertificate:
+ DependsOn: RootCAActivation
+ Type: AWS::ACMPCA::Certificate
+ Properties:
+ CertificateAuthorityArn: !Ref RootCA
+ CertificateSigningRequest: !GetAtt SubordinateCA.CertificateSigningRequest
+ SigningAlgorithm: SHA256WITHRSA
+ TemplateArn: arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1
+ Validity:
+ Type: DAYS
+ Value: 720
+ SubordinateCAActivation:
+ Type: AWS::ACMPCA::CertificateAuthorityActivation
+ Properties:
+ CertificateAuthorityArn: !Ref SubordinateCA
+ Certificate: !GetAtt SubordinateCACACertificate.Certificate
+ CertificateChain: !GetAtt RootCAActivation.CompleteCertificateChain
+ Status: ACTIVE
+ SubordinateCAPermission:
+ Type: AWS::ACMPCA::Permission
+ Properties:
+ Actions:
+ - IssueCertificate
+ - GetCertificate
+ - ListPermissions
+ CertificateAuthorityArn: !Ref SubordinateCA
+ Principal: acm.amazonaws.com
+ # Create a private certificate in ACM
+ Certificate:
+ Type: AWS::CertificateManager::Certificate
+ DependsOn:
+ - PrivateHostedZone
+ - PrivateDNSRecord
+ Properties:
+ CertificateAuthorityArn: !Ref SubordinateCA
+ DomainName: !Ref PrivateWebsiteDomainName
+
+Outputs:
+ WebsiteBucket:
+ Description: The S3 bucket to host the static website. Upload the website's static contents to this bucket.
+ Value: !Ref S3Bucket
+ PrivateWebsiteUrl:
+ Description: The URL to access the static website. This needs to be accessed from a location which has connectivity to the private ALB. You could test this by launching an AWS CloudShell in the VPC and access the URL using curl -v -k -L ${PrivateWebsiteUrl}
+ Value: !Sub "https://${PrivateWebsiteDomainName}"
+ Export:
+ Name: PrivateWebsiteUrl
+ VPCId:
+ Description: The name of the VPC
+ Value: !Ref VPC
+ ALBSecurityGroup:
+ Description: The Security Group ID for the ALB
+ Value: !Ref ALBSecurityGroup
+ VPCEndpointSecurityGroup:
+ Description: The Security Group ID for the VPC Endpoint
+ Value: !Ref VPCEndpointSecurityGroup