Skip to content
Permalink
master
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time
---
AWSTemplateFormatVersion: "2010-09-09"
Description: S3 bucket for website
Parameters:
DomainName:
Description: Domain name (don't include www.)
Type: String
Default: domain.com
Client:
Description: Client name
Type: String
Mappings:
RegionMap:
us-east-1:
S3hostedzoneID: Z3AQBSTGFYJSTF
websiteendpoint: s3-website-us-east-1.amazonaws.com
us-west-1:
S3hostedzoneID: Z2F56UZL2M1ACD
websiteendpoint: s3-website-us-west-1.amazonaws.com
us-west-2:
S3hostedzoneID: Z3BJ6K6RIION7M
websiteendpoint: s3-website-us-west-2.amazonaws.com
eu-west-1:
S3hostedzoneID: Z1BKCTXD74EZPE
websiteendpoint: s3-website-eu-west-1.amazonaws.com
ap-southeast-1:
S3hostedzoneID: Z3O0J2DXBE1FTB
websiteendpoint: s3-website-ap-southeast-1.amazonaws.com
ap-southeast-2:
S3hostedzoneID: Z1WCIGYICN2BYD
websiteendpoint: s3-website-ap-southeast-2.amazonaws.com
ap-northeast-1:
S3hostedzoneID: Z2M4EHUR26P7ZW
websiteendpoint: s3-website-ap-northeast-1.amazonaws.com
sa-east-1:
S3hostedzoneID: Z31GFT0UA1I2HV
websiteendpoint: s3-website-sa-east-1.amazonaws.com
Resources:
S3BucketW3:
Type: "AWS::S3::Bucket"
Properties:
BucketName: !Sub www.${DomainName}
AccessControl: PublicRead
Tags:
- Key: Client
Value: !Ref Client
VersioningConfiguration:
Status: Enabled
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: 404.html
S3BucketBare:
Type: "AWS::S3::Bucket"
Properties:
BucketName: !Sub ${DomainName}
AccessControl: PublicRead
Tags:
- Key: Client
Value: !Ref Client
WebsiteConfiguration:
RedirectAllRequestsTo:
HostName: !Sub www.${DomainName}
Protocol: https
S3BucketPolicy:
Type: "AWS::S3::BucketPolicy"
Properties:
Bucket: !Ref S3BucketW3
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Sid: PublicReadGetObject
Effect: Allow
Principal: "*"
Action:
- s3:GetObject
Resource: !Sub "arn:aws:s3:::www.${DomainName}/*"
LogBucket:
Type: "AWS::S3::Bucket"
Properties:
BucketName: !Sub ${DomainName}-logs
Tags:
- Key: Client
Value: !Ref Client
SSLCert:
Type: "AWS::CertificateManager::Certificate"
Properties:
DomainName: !Sub "*.${DomainName}"
SubjectAlternativeNames:
- !Ref DomainName
Tags:
- Key: Client
Value: !Ref Client
CloudFront:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: !Sub
- ${S3BucketW3}.${S3WebEndpoint}
- { S3BucketW3: !Ref S3BucketW3, S3WebEndpoint: !FindInMap [RegionMap, !Ref "AWS::Region", websiteendpoint] }
Id: myS3Origin
CustomOriginConfig:
OriginProtocolPolicy: http-only
Enabled: 'true'
Comment: !Sub Distribution for ${Client}
HttpVersion: http2
Logging:
IncludeCookies: 'false'
Bucket: !Sub ${LogBucket}.s3.amazonaws.com
Prefix: !Ref DomainName
Aliases:
- !Sub www.${DomainName}
DefaultCacheBehavior:
AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: myS3Origin
Compress: True
MinTTL: 300
DefaultTTL: 300
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
PriceClass: PriceClass_100
ViewerCertificate:
AcmCertificateArn: !Ref SSLCert
SslSupportMethod: sni-only
CloudFrontBare:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: !Sub
- ${S3BucketBare}.${S3WebEndpoint}
- { S3BucketBare: !Ref S3BucketBare, S3WebEndpoint: !FindInMap [RegionMap, !Ref "AWS::Region", websiteendpoint] }
Id: myS3OriginBare
CustomOriginConfig:
OriginProtocolPolicy: http-only
Enabled: 'true'
Comment: !Sub Distribution for ${Client}
HttpVersion: http2
Logging:
IncludeCookies: 'false'
Bucket: !Sub ${LogBucket}.s3.amazonaws.com
Prefix: !Sub ${DomainName}_Bare
Aliases:
- !Ref DomainName
DefaultCacheBehavior:
AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: myS3OriginBare
Compress: True
DefaultTTL: 604800
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
PriceClass: PriceClass_100
ViewerCertificate:
AcmCertificateArn: !Ref SSLCert
SslSupportMethod: sni-only
R53EntryW3:
Type: "AWS::Route53::RecordSet"
Properties:
AliasTarget:
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !GetAtt CloudFront.DomainName
Comment: Route to CloudFront distribution
HostedZoneName: !Sub ${DomainName}.
Name: !Sub www.${DomainName}.
Type: A
R53EntryBare:
Type: "AWS::Route53::RecordSet"
Properties:
AliasTarget:
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !GetAtt CloudFrontBare.DomainName
Comment: Route to CloudFront distribution redirect
HostedZoneName: !Sub ${DomainName}.
Name: !Sub ${DomainName}.
Type: A