Last active
June 28, 2021 15:46
-
-
Save DavidWells/be078deef45f8cb2e280ccc7af947392 to your computer and use it in GitHub Desktop.
Using conditional "Fn::Equals" for cloudformation resources. From https://github.com/KlickMarketing/demo-site/blob/master/serverless.yml#L55 including no value
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resources: | |
| Description: Demo Site | |
| Conditions: | |
| isProd: {"Fn::Equals" : ["${self:custom.stageFlag}", "prod"]} | |
| isRC: {"Fn::Equals" : ["${self:custom.stageFlag}", "rc"]} | |
| isDev: {"Fn::Equals" : ["${self:custom.stageFlag}", "dev"]} | |
| isProdOrRC: {"Fn::Or": [{"Condition": "isProd"}, {"Condition": "isRC" }]} | |
| Resources: | |
| ProxyEntry: | |
| Type: 'Custom::MarketingStackProxyEntry' | |
| Condition: isDev | |
| Version: '1.0' | |
| Properties: | |
| ServiceToken: | |
| Fn::ImportValue: | |
| Fn::Sub: "demo-stack-entry-cfn-dev-arn" | |
| Host: ${self:custom.domain} | |
| Origin: {"Fn::GetAtt": [WebsiteBucket, DomainName]} | |
| WebsiteBucket: | |
| Type: "AWS::S3::Bucket" | |
| Properties: | |
| AccessControl: Private | |
| # AccelerateConfiguration: | |
| BucketPolicy: | |
| Type: "AWS::S3::BucketPolicy" | |
| Properties: | |
| Bucket: {Ref: WebsiteBucket} | |
| PolicyDocument: | |
| Version: "2012-10-17" | |
| Statement: | |
| Effect: Allow | |
| Principal: | |
| Fn::If: | |
| - isProdOrRC | |
| - CanonicalUser: | |
| - {"Fn::GetAtt": [CloudfrontOAI, S3CanonicalUserId]} | |
| - CanonicalUser: | |
| - {"Fn::ImportValue": "demo-stack-proxy-dev-S3CanonicalUserId"} | |
| Action: | |
| - s3:ListBucket | |
| - s3:GetObject | |
| Resource: | |
| - {"Fn::Join": ["", ["arn:aws:s3:::", {Ref: WebsiteBucket}]]} | |
| - {"Fn::Join": ["", ["arn:aws:s3:::", {Ref: WebsiteBucket}, "/*"]]} | |
| CloudfrontOAI: | |
| Type: "AWS::CloudFront::CloudFrontOriginAccessIdentity" | |
| Condition: isProdOrRC | |
| Properties: | |
| CloudFrontOriginAccessIdentityConfig: | |
| Comment: Created for ${self:custom.stackname} | |
| CDN: | |
| Type: "AWS::CloudFront::Distribution" | |
| Condition: isProdOrRC | |
| Properties: | |
| DistributionConfig: | |
| # WebACLId: | |
| # Fn::If: | |
| # - isProd | |
| # - {Ref: AWS::NoValue} | |
| # - {Fn::ImportValue: "wafacl-prod"} | |
| Aliases: | |
| - ${self:custom.domain} | |
| Enabled: true | |
| HttpVersion: http2 | |
| PriceClass: PriceClass_All | |
| IPV6Enabled: true | |
| DefaultRootObject: index.html | |
| CustomErrorResponses: | |
| - ErrorCode: 404 | |
| ResponseCode: 404 | |
| ResponsePagePath: /error.html | |
| Origins: | |
| - DomainName: {"Fn::GetAtt": [WebsiteBucket, DomainName]} | |
| Id: s3-origin | |
| S3OriginConfig: | |
| OriginAccessIdentity: {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {Ref: CloudfrontOAI}]]} | |
| DefaultCacheBehavior: | |
| AllowedMethods: | |
| - GET | |
| - HEAD | |
| CachedMethods: | |
| - GET | |
| - HEAD | |
| Compress: true | |
| ForwardedValues: | |
| QueryString: false | |
| Cookies: | |
| Forward: none | |
| DefaultTTL: 3600 | |
| MaxTTL: 86400 | |
| MinTTL: 0 | |
| # PathPattern: String | |
| # SmoothStreaming: Boolean | |
| TargetOriginId: s3-origin | |
| # TrustedSigners: | |
| # - String | |
| ViewerProtocolPolicy: redirect-to-https | |
| Tags: ${self:custom.Tags} | |
| DnsRecords: | |
| Condition: isProdOrRC | |
| Type: "AWS::Route53::RecordSetGroup" | |
| Properties: | |
| HostedZoneName: | |
| Fn::If: | |
| - isRC | |
| - demo.com. | |
| - ${self:custom.domain}. | |
| Comment: "DNS records associated with ${self:custom.stackname}" | |
| RecordSets: | |
| - Name: ${self:custom.domain} | |
| Type: A | |
| AliasTarget: | |
| DNSName: {"Fn::GetAtt": [CDN, DomainName]} | |
| HostedZoneId: Z2FDTNDATAQYW2 |
Author
DavidWells
commented
Jul 9, 2020
More!
#### Cloudformation Conditions ####
Conditions:
IsProd: {"Fn::Equals": ["${self:provider.stage}", "prod"]}
IsStaging: {"Fn::Equals": ["${self:provider.stage}", "staging"]}
IsDev: {"Fn::Equals": ["${self:provider.stage}", "dev"]}
IsIntegration: {
"Fn::And": [
{"Fn::Not": [{"Condition": "IsProd"}] },
{"Fn::Not": [{"Condition": "IsStaging"}] },
{"Fn::Not": [{"Condition": "IsDev"}] },
]
}
IsProdOrStaging: {"Fn::Or": [{ "Condition": "IsProd"}, {"Condition": "IsStaging" }]}
# Check for SES ARN for cognito email sending
HasCognitoEmailSenderArn: {
"Fn::Not": [{ "Fn::Equals" : ["", { Ref: CognitoEmailSenderArn }] }]
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment