This CloudFormation template deploys the complete AWS infrastructure needed to connect Dropshare to AWS. It creates a secure, scalable file-sharing solution using S3 for storage and CloudFront for global content delivery.
The template provisions:
- S3 Bucket: Encrypted storage for your files and screenshots
- CloudFront Distribution: CDN for fast, global file delivery with custom domain support
- IAM User & Credentials: Dedicated user with appropriate S3 permissions for Dropshare
- SSL Certificate: Automatic certificate provisioning via AWS Certificate Manager
- Route53 DNS: Optional DNS record creation (if using Route53)
Before deploying this template, ensure you have:
-
AWS Account with appropriate permissions to create:
- S3 buckets
- CloudFront distributions
- IAM users and policies
- ACM certificates
- Route53 records (if using Route53)
-
AWS CLI installed and configured:
aws configure
-
Domain Name that you control
-
(Optional) Route53 Hosted Zone if you want automatic DNS configuration
-
CloudFormation Deployment Tool - one of:
- AWS Rain (recommended, used in CI/CD)
- AWS CLI
- AWS Console
-
Python 3.12+ (for local development and linting):
uv sync
rain deploy template.yaml my-dropshare-stack \
--params DomainName=files.example.comWith Route53 enabled:
rain deploy template.yaml my-dropshare-stack \
--params DomainName=files.example.com,UseRoute53=true,HostedZoneId=Z1234567890ABCaws cloudformation create-stack \
--stack-name my-dropshare-stack \
--template-body file://template.yaml \
--parameters \
ParameterKey=DomainName,ParameterValue=files.example.com \
--capabilities CAPABILITY_IAM- Navigate to CloudFormation in the AWS Console
- Click "Create stack"
- Upload
template.yaml - Enter your stack name and parameters
- Review and create
-
Validate SSL Certificate:
- Check your email or DNS records for certificate validation
- Add the required DNS records to validate your domain
-
Configure DNS (if not using Route53):
- Get the CloudFront distribution URL from stack outputs
- Create a CNAME or ALIAS record pointing your domain to the CloudFront distribution
-
Configure Dropshare:
- Use the stack outputs to configure your Dropshare connection:
- Bucket Name
- Region
- Access Key ID
- Secret Access Key (save this immediately - you cannot retrieve it later)
- Use the stack outputs to configure your Dropshare connection:
| Parameter | Description | Required | Default | Example |
|---|---|---|---|---|
DomainName |
Your custom domain for CloudFront | Yes | - | files.example.com |
UseRoute53 |
Whether to create Route53 DNS records | No | false |
true or false |
HostedZoneId |
Route53 Hosted Zone ID (required if UseRoute53=true) | Conditional | <UPDATE> |
Z1234567890ABC |
After deployment, the stack provides these outputs for configuring Dropshare:
- DropshareBucketName: S3 bucket name to use in Dropshare
- DropshareRegion: AWS region where the stack is deployed
- DropshareDomain: Your custom domain name
- DropshareUserAccessId: Access Key ID for authentication
- DropshareUserSecretKey: Secret Access Key (save immediately!)
- DropshareCloudFrontDistribution: CloudFront distribution URL
- Server-side encryption (AES256) enabled on S3 bucket
- HTTPS-only access via CloudFront (redirects HTTP to HTTPS)
- TLS 1.2+ minimum protocol version
- Origin Access Control for secure S3 access
- Least-privilege IAM policy (bucket-specific permissions only)