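# CloudFormation template: static website stored in S3, served through
# CloudFront, with a Lambda@Edge origin-request function for URI rewriting.
# The format version is quoted so that YAML parsers with implicit typing keep
# it as a string instead of turning it into a date.
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Resources for hosting a static website (generated with Hugo for example) on
  Amazon Simple Storage Service (S3), CloudFront & Lambda@Edge for URI
  rewriting.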
###############################################################################
Parameters:
###############################################################################
  # Certificate attached to the distribution's ViewerCertificate block.
  # NOTE(review): CloudFront accepts ACM certificates from us-east-1 only;
  # confirm the ARN passed in comes from that region.
  AcmCertificateArn:
    Type: String
    Description: >
      The ARN of the SSL certificate to use for the CloudFront distribution.

  # Used as the distribution alias and as the value of the Domain tag on
  # the tagged resources.
  DomainName:
    Type: String
    Description: The website domain name.
    Default: lroguet.example

  # Restricted to the three listed values, so a mistyped price class is
  # rejected at stack validation.
  PriceClass:
    Type: String
    Description: The CloudFront distribution price class
    Default: PriceClass_All
    AllowedValues:
      - PriceClass_100
      - PriceClass_200
      - PriceClass_All
###############################################################################
Outputs:
###############################################################################
  # Exported under "<stack name>-bucket-arn" so that other stacks can import
  # the ARN of the content bucket.
  TheBucketArn:
    Description: The ARN of the S3 bucket hosting the static content.
    Value: !GetAtt TheBucket.Arn
    Export:
      Name: !Sub '${AWS::StackName}-bucket-arn'
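###############################################################################
Resources:
###############################################################################
  # CloudFront distribution: the only public entry point to the site. Content
  # is read from the private bucket through the origin access identity.
  TheCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        DefaultCacheBehavior:
          Compress: true
          ForwardedValues:
            QueryString: false
          TargetOriginId: the-s3-bucket
          # Plain-HTTP requests are redirected to HTTPS, never served.
          ViewerProtocolPolicy: redirect-to-https
          LambdaFunctionAssociations:
            # References the published version resource, not the function.
            - EventType: origin-request
              LambdaFunctionARN: !Ref TheOriginRequestLambdaFunctionVersion
        DefaultRootObject: index.html
        CustomErrorResponses:
          # The bucket policy grants s3:GetObject only, so S3 answers 403 for
          # a key that does not exist; viewers get the 404 page instead.
          - ErrorCachingMinTTL: 300
            ErrorCode: 403
            ResponseCode: 404
            ResponsePagePath: /404.html
        Enabled: true
        HttpVersion: http2
        Origins:
          # S3 REST endpoint (not the website endpoint), which is what an
          # origin access identity requires.
          - DomainName: !Sub '${TheBucket}.s3.amazonaws.com'
            Id: the-s3-bucket
            S3OriginConfig:
              OriginAccessIdentity: !Sub
                - 'origin-access-identity/cloudfront/${OaiId}'
                - OaiId: !Ref TheCloudFrontOriginAccessIdentity
        PriceClass: !Ref PriceClass
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          # Raised from TLSv1.1_2016: TLS 1.0/1.1 are deprecated and should
          # not be negotiable with viewers.
          MinimumProtocolVersion: TLSv1.2_2021
          SslSupportMethod: sni-only
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # Identity CloudFront uses when reading from the bucket.
  # NOTE(review): origin access control (OAC) is the current replacement for
  # OAI; migrating also means changing the bucket policy principal.
  TheCloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub 'CloudFront OAI for ${DomainName}'

  # Content bucket. It is never meant to be reached directly, so public ACLs
  # and public bucket policies are blocked outright; the OAI grant below names
  # a specific principal and is not affected by the block.
  TheBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # Read-only access to objects for the CloudFront OAI and nobody else.
  # No s3:ListBucket is granted, so the bucket cannot be enumerated through
  # the distribution.
  TheBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TheBucket
      PolicyDocument:
        # Explicit and quoted: without it the policy falls back to the
        # 2008-10-17 policy language.
        Version: '2012-10-17'
        Statement:
          - Action:
              - s3:GetObject
            Effect: Allow
            Resource: !Sub 'arn:aws:s3:::${TheBucket}/*'
            Principal:
              CanonicalUser: !GetAtt
                - TheCloudFrontOriginAccessIdentity
                - S3CanonicalUserId

  # Origin-request function: appends /index.html to URIs that have no file
  # extension, so clean URLs resolve to an object key.
  # NOTE(review): Lambda@Edge functions have to be created in us-east-1, so
  # this stack is presumably deployed there; confirm.
  TheOriginRequestLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: >
        Lambda function performing request URI rewriting.
      Code:
        ZipFile: |
          const path = require('path');
          exports.handler = async (event) => {
            var request = event.Records[0].cf.request;
            // Rewrite clean URLs (adding index.html)
            if (!path.extname(request.uri)) {
              request.uri = request.uri.replace(/\/?$/, '\/index.html');
            }
            return request;
          };
      Handler: index.handler
      MemorySize: 128
      Role: !GetAtt TheOriginRequestLambdaFunctionExecutionRole.Arn
      # nodejs8.10 is end-of-life and receives no security patches; use a
      # runtime that Lambda@Edge currently supports and keep it current.
      Runtime: nodejs22.x
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # Published version referenced by the distribution.
  # NOTE(review): CloudFormation does not publish a new version when only the
  # function code changes; the logical ID of this resource has to change for
  # an update to reach the edge.
  TheOriginRequestLambdaFunctionVersion:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref TheOriginRequestLambdaFunction
      Description: !Sub 'URL rewriting for ${DomainName}'

  # Execution role for the function. Both service principals are listed
  # because Lambda@Edge assumes the role through edgelambda.amazonaws.com as
  # well as lambda.amazonaws.com. The only permissions attached are those of
  # the AWS-managed basic execution policy (CloudWatch Logs).
  TheOriginRequestLambdaFunctionExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        # Quoted so it stays a string rather than being parsed as a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - edgelambda.amazonaws.com
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole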