Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
90 lines (90 sloc) 2.77 KB
AWSTemplateFormatVersion: 2010-09-09
Description: >
This template instantiates a series of resources related to deploying a
static website stored in an S3 bucket.
Parameters:
SiteBucketName:
Type: String
Description: The name of the bucket hosting the site
LogBucketName:
Type: String
Description: The name of the bucket to store access logs
SiteDomainName:
Type: String
Description: DNS name of site
Resources:
CDNIdentity:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: !Sub 'OAI for ${SiteDomainName}'
SiteBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref SiteBucketName
SiteBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref SiteBucket
PolicyDocument:
Statement:
-
Sid: Grant a CloudFront Origin Identity access to support private content
Effect: Allow
Principal:
CanonicalUser: !GetAtt CDNIdentity.S3CanonicalUserId
Action: s3:GetObject
Resource: !Sub
- '${SiteBucketARN}/*'
- { SiteBucketARN: !GetAtt SiteBucket.Arn }
DependsOn:
- CDNIdentity
- SiteBucket
LogBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref LogBucketName
AccessControl: LogDeliveryWrite
SiteCertificate:
Type: AWS::CertificateManager::Certificate
Properties:
DomainName: !Sub '*.${SiteDomainName}'
ValidationMethod: EMAIL
SiteCDN:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Aliases:
- !Sub 'www.${SiteDomainName}'
CustomErrorResponses:
-
ErrorCode: 403
ResponseCode: 404
ResponsePagePath: /404.html
DefaultCacheBehavior:
Compress: true
ForwardedValues:
QueryString: false
TargetOriginId: !Ref SiteDomainName
ViewerProtocolPolicy: redirect-to-https
DefaultRootObject: index.html
Enabled: true
Logging:
Bucket: !GetAtt LogBucket.DomainName
IncludeCookies: false
Origins:
-
DomainName: !GetAtt SiteBucket.DomainName
Id: !Ref SiteDomainName
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CDNIdentity}'
PriceClass: PriceClass_100
ViewerCertificate:
AcmCertificateArn: !Ref SiteCertificate
MinimumProtocolVersion: TLSv1.1_2016
SslSupportMethod: sni-only
DependsOn: SiteCertificate
Outputs:
CDNDomainName:
Description: The domain of the deployed CDN for the site
Value: !GetAtt SiteCDN.DomainName
You can’t perform that action at this time.