AWSTemplateFormatVersion: 2010-09-09
Description: >
  Resources for hosting a static website (generated with Hugo for example) on
  Amazon Simple Storage Service (S3) & CloudFront.

###############################################################################
Parameters:
###############################################################################

  AcmCertificateArn:
    Type: String
    Description: >
      The ARN of the SSL certificate to use for the CloudFront distribution.

  DomainName:
    Type: String
    Description: The website domain name.
    Default: lroguet.example

  PriceClass:
    Type: String
    Description: The CloudFront distribution price class
    Default: 'PriceClass_All'
    AllowedValues:
      - 'PriceClass_100'
      - 'PriceClass_200'
      - 'PriceClass_All'

###############################################################################
Resources:
###############################################################################

  TheCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        DefaultCacheBehavior:
          Compress: true
          ForwardedValues:
            QueryString: false
          TargetOriginId: the-s3-bucket
          # Plain HTTP requests are redirected to HTTPS.
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        # The OAI is only granted s3:GetObject, so S3 answers 403 for a missing
        # key. Map that to the site's 404 page.
        CustomErrorResponses:
          - ErrorCachingMinTTL: 300
            ErrorCode: 403
            ResponseCode: 404
            ResponsePagePath: /404.html
        Enabled: true
        HttpVersion: http2
        Origins:
          - DomainName:
              !Join [ "", [ !Ref TheBucket, ".s3.amazonaws.com" ] ]
            Id: the-s3-bucket
            S3OriginConfig:
              OriginAccessIdentity:
                !Join [ "", [ "origin-access-identity/cloudfront/", !Ref TheCloudFrontOriginAccessIdentity ] ]
        PriceClass: !Ref PriceClass
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          # TLSv1 still lets viewers negotiate TLS 1.0 and 1.1. TLSv1.2_2021 is
          # the stricter policy when legacy clients do not need to be served.
          MinimumProtocolVersion: TLSv1
          SslSupportMethod: sni-only
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  TheCloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub 'CloudFront OAI for ${DomainName}'

  TheBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          -
            ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  # Read access is granted to the CloudFront origin access identity only; the
  # bucket is not configured for public or website access.
  TheBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TheBucket
      PolicyDocument:
        Statement:
          -
            Action:
              - s3:GetObject
            Effect: Allow
            Resource: !Join [ "", [ "arn:aws:s3:::", !Ref TheBucket, "/*" ] ]
            Principal:
              CanonicalUser: !GetAtt TheCloudFrontOriginAccessIdentity.S3CanonicalUserId