amzn-cloudformation/storage-content-delivery/static-website-with-cloudfront-lambda-edge.yml
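AWSTemplateFormatVersion: 2010-09-09
Description: >
  Resources for hosting a static website (generated with Hugo for example) on
  Amazon Simple Storage Service (S3), CloudFront & Lambda@Edge for URI
  rewriting.

# Deployment note: Lambda@Edge functions, and ACM certificates used by
# CloudFront, must be created in us-east-1, so this stack has to be deployed
# in that region.

###############################################################################
Parameters:
###############################################################################

  # Must reference a certificate issued in us-east-1 that covers DomainName.
  AcmCertificateArn:
    Type: String
    Description: >
      The ARN of the SSL certificate to use for the CloudFront distribution.

  DomainName:
    Type: String
    Description: The website domain name.
    Default: lroguet.example

  PriceClass:
    Type: String
    Description: The CloudFront distribution price class
    Default: 'PriceClass_All'
    AllowedValues:
      - 'PriceClass_100'
      - 'PriceClass_200'
      - 'PriceClass_All'

###############################################################################
Outputs:
###############################################################################

  TheBucketArn:
    Description: The ARN of the S3 bucket hosting the static content.
    Value: !GetAtt TheBucket.Arn
    Export:
      Name: !Sub ${AWS::StackName}-bucket-arn

###############################################################################
Resources:
###############################################################################

  # Public entry point. Viewers are redirected to HTTPS; the bucket is reached
  # only through the origin access identity declared below.
  TheCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        DefaultCacheBehavior:
          Compress: true
          ForwardedValues:
            QueryString: false
          TargetOriginId: the-s3-bucket
          ViewerProtocolPolicy: redirect-to-https
          LambdaFunctionAssociations:
            # Must be a published version ARN; Lambda@Edge does not accept
            # $LATEST or an alias.
            - EventType: origin-request
              LambdaFunctionARN: !Ref TheOriginRequestLambdaFunctionVersion
        DefaultRootObject: index.html
        CustomErrorResponses:
          # The bucket policy grants s3:GetObject only (no s3:ListBucket), so
          # S3 answers 403 for a missing key. Mapping 403 to 404 hides that
          # distinction from viewers, but it also presents a genuine
          # access-denied from the origin as "not found".
          - ErrorCachingMinTTL: 300
            ErrorCode: 403
            ResponseCode: 404
            ResponsePagePath: /404.html
        Enabled: true
        HttpVersion: http2
        Origins:
          - DomainName:
              !Join [ "", [ !Ref TheBucket, ".s3.amazonaws.com" ] ]
            Id: the-s3-bucket
            S3OriginConfig:
              OriginAccessIdentity:
                !Join [ "", [ "origin-access-identity/cloudfront/", !Ref TheCloudFrontOriginAccessIdentity ] ]
        PriceClass: !Ref PriceClass
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          # Raised from TLSv1.1_2016: that policy still negotiated TLS 1.1 with
          # viewers. This one requires TLS 1.2 or later.
          MinimumProtocolVersion: TLSv1.2_2021
          SslSupportMethod: sni-only
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # Identity CloudFront uses when reading from the bucket.
  # NOTE(review): origin access identities are the legacy mechanism; AWS
  # recommends origin access control (OAC) for new distributions.
  TheCloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub 'CloudFront OAI for ${DomainName}'

  TheBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          -
            ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Content is served only through CloudFront via the OAI grant in
      # TheBucketPolicy, so every public ACL / public policy path is blocked.
      # Without this, a later ACL or policy change could expose the bucket
      # directly and bypass the distribution.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # Read-only grant to the CloudFront OAI: s3:GetObject on objects, nothing
  # else. There is deliberately no s3:ListBucket, so keys cannot be enumerated.
  TheBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TheBucket
      PolicyDocument:
        # Explicit policy language version, matching the role's trust policy.
        Version: 2012-10-17
        Statement:
          -
            Action:
              - s3:GetObject
            Effect: Allow
            Resource: !Join [ "", [ "arn:aws:s3:::", !Ref TheBucket, "/*" ] ]
            Principal:
              CanonicalUser: !GetAtt TheCloudFrontOriginAccessIdentity.S3CanonicalUserId

  TheOriginRequestLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: >
        Lambda function performing request URI rewriting.
      Code:
        ZipFile: |
          const path = require('path');
          exports.handler = async (event) => {
            const request = event.Records[0].cf.request;
            // Rewrite clean URLs (adding index.html).
            // The test is "last path segment has no extension", so a slug
            // that contains a dot (constructed example: /posts/v1.2) is
            // forwarded to S3 unchanged.
            if (!path.extname(request.uri)) {
              request.uri = request.uri.replace(/\/?$/, '\/index.html');
            }
            return request;
          };
      Handler: index.handler
      MemorySize: 128
      Role: !Sub ${TheOriginRequestLambdaFunctionExecutionRole.Arn}
      # Was nodejs8.10, which is end-of-life, receives no security patches and
      # is no longer accepted by Lambda for new functions. Keep this on a
      # currently supported Node.js runtime.
      Runtime: nodejs20.x
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # Immutable published version that the distribution associates with.
  # CloudFormation does not publish a new version when the function above
  # changes; on an existing stack a code or runtime change only reaches the
  # edge once this resource is replaced (for example by changing its logical
  # ID and the reference in TheCloudFrontDistribution).
  TheOriginRequestLambdaFunctionVersion:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref TheOriginRequestLambdaFunction
      Description: !Sub "URL rewriting for ${DomainName}"

  # Execution role for the rewrite function. Both service principals are
  # trusted because the function runs as a regional Lambda and as a
  # Lambda@Edge replica. Its only permissions come from
  # AWSLambdaBasicExecutionRole (CloudWatch Logs); it has no S3 access.
  TheOriginRequestLambdaFunctionExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - edgelambda.amazonaws.com
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole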