Skip to content
Permalink
5c66bbfaec
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
161 lines (144 sloc) 3.91 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: >
Creates the following resources:
- An S3 bucket for the website
- A CloudFront for serving the static assets
Parameters:
CertificateArn:
Type: String
Description: The ARN of the SSL Certificate for Remix
FQDN:
Type: String
Description: The desired FQDN of the website
EnvType:
Type: String
Description: The type of environment to create.
Default: dev
AllowedValues:
- dev
- prod
ConstraintDescription: must specify prod or dev.
Mappings:
CacheSettings:
dev:
DefaultTTL: 0
prod:
DefaultTTL: 86400
Resources:
OriginAccessIdentity:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: !Sub Static assets in ${AWS::StackName}
WebBucket:
Type: AWS::S3::Bucket
Properties:
LoggingConfiguration:
DestinationBucketName: !Ref LogBucket
LogFilePrefix: !If
- NoFQDN
- !Sub s3/${AWS::StackName}/
- !Sub s3/${FQDN}/
WebBucketPolicy:
Type: AWS::S3::BucketPolicy
DependsOn: OriginAccessIdentity
Properties:
Bucket: !Ref WebBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:GetObject
Resource: !Join
- ""
- - !GetAtt WebBucket.Arn
- "/*"
Principal:
CanonicalUser: !GetAtt OriginAccessIdentity.S3CanonicalUserId
Distribution:
Type: AWS::CloudFront::Distribution
DependsOn: OriginAccessIdentity
Properties:
DistributionConfig:
Enabled: true
HttpVersion: http2
PriceClass: PriceClass_100
ViewerCertificate: !If
- NoSSL
- !Ref AWS::NoValue
- AcmCertificateArn: !Ref CertificateArn
MinimumProtocolVersion: TLSv1.1_2016
SslSupportMethod: sni-only
Comment: !If
- NoFQDN
- !Ref AWS::NoValue
- !Ref FQDN
Aliases: !If
- NoFQDN
- !Ref AWS::NoValue
- - !Ref FQDN
DefaultRootObject: index.html
DefaultCacheBehavior:
ForwardedValues:
QueryString: false
AllowedMethods:
- HEAD
- GET
- OPTIONS
Compress: true
DefaultTTL: !FindInMap [CacheSettings, !Ref EnvType, "DefaultTTL"]
ViewerProtocolPolicy: !If
- NoSSL
- allow-all
- redirect-to-https
TargetOriginId: Bucket
Origins:
- Id: Bucket
DomainName: !GetAtt WebBucket.DomainName
S3OriginConfig:
OriginAccessIdentity: !Join
- /
- - origin-access-identity
- cloudfront
- !Ref OriginAccessIdentity
Logging:
Bucket: !Join
- .
- - !Ref LogBucket
- s3
- !Ref AWS::URLSuffix
Prefix: !If
- NoFQDN
- !Sub web/${AWS::StackName}/
- !Sub web/${FQDN}/
IncludeCookies: true
LogBucket:
Type: AWS::S3::Bucket
Properties:
AccessControl: LogDeliveryWrite
VersioningConfiguration:
Status: Suspended
LifecycleConfiguration:
Rules:
- Status: Enabled
ExpirationInDays: 3653
NoncurrentVersionExpirationInDays: 1
SharedLogGroup:
Type: AWS::Logs::LogGroup
Properties:
RetentionInDays: 7
LogGroupName: !Join [ '-', [ !Ref 'AWS::StackName', 'LogGroup']]
Conditions:
NoFQDN: !Equals
- !Ref FQDN
- ''
NoSSL: !Equals
- !Ref CertificateArn
- ''
Outputs:
WebBucketArn:
Description: ARN of S3 bucket hosting the website
Value: !GetAtt WebBucket.Arn
Export:
Name: !Sub '${AWS::StackName}WebBucketArn'