template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  hokanchan

  Google Suggest API Proxy

Parameters:
  bucketName:
    Type: String
    Default: hokanchan.uart.dev
  domainName:
    Type: String
    Default: hokanchan.uart.dev
  # CloudFront用証明書は、us-east-1リージョンにある必要がある
  certificateArn:
    Type: String
    Default: arn:aws:acm:us-east-1:069866334413:certificate/6bbabedf-c976-49b5-9633-f676aa7f1f2c

# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 15

Resources:
  # Static content
  StaticContentBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref bucketName
    DeletionPolicy: Delete
  # GetObjectを全許可
  StaticContentBucketPolicy:
    Type: AWS::S3::BucketPolicy
    DependsOn: StaticContentBucket
    Properties:
      Bucket: !Ref StaticContentBucket
      PolicyDocument:
        Id: StaticContentBucketPolicyDocument
        Version: '2012-10-17'
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref StaticContentBucket
                - /*
  # Create Lambda, API Gateway, IAM role
  ServerlessFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: projects/backend-google-suggest-proxy/src/
      Handler: app.lambdaHandler
      Runtime: nodejs8.10
      Events:
        ApiEvent:
          Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
          Properties:
            Path: /suggest
            Method: get
  CloudFrontDistribution:
    DependsOn:
      - StaticContentBucket
      - StaticContentBucketPolicy
      - ServerlessFunction
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: !GetAtt StaticContentBucket.DomainName
            Id: StaticContent
            S3OriginConfig:
              OriginAccessIdentity: ''
          - DomainName: !Sub '${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com'
            Id: LambdaFunction
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
        Aliases:
          - !Ref domainName
        Comment: Hokanchan
        DefaultCacheBehavior:
          TargetOriginId: StaticContent
          AllowedMethods:
            - GET
            - HEAD
          DefaultTTL: 259200
          ForwardedValues:
            QueryString: false
          ViewerProtocolPolicy: redirect-to-https
        CacheBehaviors:
          - PathPattern: '/Prod/suggest' # Lambda用
            TargetOriginId: LambdaFunction
            AllowedMethods:
              - GET
              - HEAD
              - OPTIONS
            ForwardedValues:
              Headers:
                - 'Accept'
                - 'Accept-Encoding'
                - 'Accept-Language'
                - 'Cache-Control'
                - 'User-Agent'
                - 'DNT'
              QueryString: true
              QueryStringCacheKeys:
                - 'q'
            ViewerProtocolPolicy: https-only
        DefaultRootObject: index.html
        Enabled: 'true'
        PriceClass: PriceClass_200
        ViewerCertificate:
          AcmCertificateArn: !Ref certificateArn
          SslSupportMethod: sni-only
Outputs:
  # ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
  # Find out more about other implicit resources you can reference within SAM
  # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
  ServerlessFunctionApi:
    Description: 'API Gateway endpoint URL for Prod stage for the serverless function'
    Value: !Sub 'https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/suggest/'
  ServerlessFunction:
    Description: 'The serverless Lambda Function ARN'
    Value: !GetAtt ServerlessFunction.Arn
  ServerlessFunctionIamRole:
    Description: 'Implicit IAM Role created for the serverless function'
    Value: !GetAtt ServerlessFunctionRole.Arn
  CloudFrontDomainName:
    Description: 'Domain name of CloudFront distribution'
    Value: !GetAtt CloudFrontDistribution.DomainName