@Guneetgstar
Last active September 8, 2020 06:52
Secure S3-CloudFront-Serverless config
# serverless.yml: a private S3 bucket served only through a CloudFront distribution.
# S3 public access is fully blocked, the bucket policy grants read to the
# distribution's Origin Access Identity (OAI) only, and viewers are forced to
# HTTPS with TLS 1.2 as the floor.
service: a-stack-name
org: someOrg
provider:
  name: aws
  runtime: nodejs12.x
  stackName: a-stack-name
resources:
  Resources:
    CdnDistribution:
      Type: AWS::CloudFront::Distribution
      DependsOn:
        - CdnBucket
        - CdnDistributionOriginAccessId
      Properties:
        DistributionConfig:
          Aliases:
            - cdn.example.in
          Comment: CDN
          DefaultRootObject: "index.html"
          Origins:
            # Origin id "S3-<bucket name>", built from the bucket's logical name.
            - Id:
                Fn::Join:
                  - ""
                  - - "S3-"
                    - Ref: CdnBucket
              # Regional endpoint avoids redirect issues for newly created buckets.
              DomainName:
                Fn::GetAtt: ['CdnBucket', 'RegionalDomainName']
              # CloudFront reads the bucket as the OAI; S3 is never exposed directly.
              S3OriginConfig:
                OriginAccessIdentity:
                  Fn::Join:
                    - ""
                    - - "origin-access-identity/cloudfront/"
                      - Ref: CdnDistributionOriginAccessId
          DefaultCacheBehavior:
            # Read-only methods: static content only, nothing is written through the CDN.
            AllowedMethods:
              - GET
              - HEAD
            CachedMethods:
              - GET
              - HEAD
            TargetOriginId:
              Fn::Join:
                - ""
                - - "S3-"
                  - Ref: CdnBucket
            # Plain-HTTP viewers are redirected to HTTPS.
            ViewerProtocolPolicy: redirect-to-https
            # AWS managed "CachingOptimized" cache policy.
            CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6
          Enabled: true
          HttpVersion: http2
          IPV6Enabled: true
          ViewerCertificate:
            # ACM certificates for CloudFront must live in us-east-1; replace the placeholders.
            AcmCertificateArn: "arn:aws:acm:us-east-1:{your_aws_account_id}:certificate/{certificate_id}"
            SslSupportMethod: sni-only
            # TLS 1.2 is the minimum for the viewer connection.
            MinimumProtocolVersion: TLSv1.2_2019
    CdnDistributionOriginAccessId:
      Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
      Properties:
        CloudFrontOriginAccessIdentityConfig:
          Comment: Something
    CdnBucket:
      Type: AWS::S3::Bucket
      Properties:
        # Property is BucketName (CloudFormation rejects the misspelling "Bucketname").
        BucketName: ${env:CdnBucketName}
        # Block every form of public access: public ACLs and public bucket policies are
        # both rejected and ignored, so objects are reachable only through CloudFront.
        PublicAccessBlockConfiguration:
          BlockPublicAcls: true
          BlockPublicPolicy: true
          IgnorePublicAcls: true
          RestrictPublicBuckets: true
    CdnBucketPolicy:
      Type: AWS::S3::BucketPolicy
      DependsOn:
        - CdnBucket
        - CdnDistribution
      Properties:
        Bucket:
          Ref: CdnBucket
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            # Read access for the OAI only; no wildcard principal.
            - Effect: Allow
              Action:
                - "s3:GetObject"
              Resource:
                - Fn::Join:
                    - ""
                    - - "arn:aws:s3:::"
                      - Ref: CdnBucket
                      - "/*"
              Principal:
                AWS:
                  # Canonical OAI principal: "...user/CloudFront Origin Access Identity <OAI id>".
                  Fn::Join:
                    - ""
                    - - 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity'
                      - ' '
                      - Ref: CdnDistributionOriginAccessId
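A policy-as-code check for the settings this template hardens, added here as an example and not part of the gist. It runs over the parsed Resources mapping and is exercised with two constructed sample stacks (one matching the gist, one with the protections left out) that use a placeholder OAI id.

```python
"""Policy-as-code check for the S3/CloudFront template above (added example, not the
gist's own code). It verifies what the template relies on: S3 public access fully
blocked, S3 origins locked to an Origin Access Identity, HTTPS-only viewers, TLS 1.2 floor."""

PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def check_template(resources):
    """Take the parsed `Resources` mapping; return findings (empty list = pass)."""
    findings = []
    for name, res in resources.items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            for key in PAB_KEYS:
                if pab.get(key) is not True:
                    findings.append(f"{name}: PublicAccessBlockConfiguration.{key} is not true")
        elif rtype == "AWS::CloudFront::Distribution":
            cfg = props.get("DistributionConfig", {})
            for origin in cfg.get("Origins", []):  # S3 origins must be reachable only via the OAI
                if not origin.get("S3OriginConfig", {}).get("OriginAccessIdentity"):
                    findings.append(f"{name}: origin {origin.get('Id')} is not locked to an OAI")
            policy = cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
            if policy not in ("redirect-to-https", "https-only"):
                findings.append(f"{name}: ViewerProtocolPolicy {policy!r} allows plain HTTP")
            # The default CloudFront certificate implies the legacy TLSv1 floor.
            tls = cfg.get("ViewerCertificate", {}).get("MinimumProtocolVersion", "TLSv1")
            if not tls.startswith("TLSv1.2"):
                findings.append(f"{name}: MinimumProtocolVersion {tls} is below TLSv1.2")
    return findings

OAI = "EXAMPLEOAIID"  # placeholder for the physical id CloudFormation assigns the OAI
# Constructed sample: the gist's resources with the Fn::Join/Ref intrinsics resolved.
HARDENED = {
    "CdnBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": dict.fromkeys(PAB_KEYS, True)}},
    "CdnBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {"PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Principal": {
            "AWS": f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {OAI}"}}]}}},
    "CdnDistribution": {"Type": "AWS::CloudFront::Distribution", "Properties": {"DistributionConfig": {
        "Origins": [{"Id": "S3-CdnBucket", "S3OriginConfig": {
            "OriginAccessIdentity": f"origin-access-identity/cloudfront/{OAI}"}}],
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
        "ViewerCertificate": {"SslSupportMethod": "sni-only", "MinimumProtocolVersion": "TLSv1.2_2019"}}}},
}
# Constructed sample: the same stack with the protections left out (direct S3 origin, default cert).
WEAK = {
    "CdnBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "CdnDistribution": {"Type": "AWS::CloudFront::Distribution", "Properties": {"DistributionConfig": {
        "Origins": [{"Id": "S3-CdnBucket", "DomainName": "cdn-bucket.s3.amazonaws.com"}],
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": "allow-all"},
        "ViewerCertificate": {"CloudFrontDefaultCertificate": True}}}},
}
```

Feed it the `Resources` mapping from `yaml.safe_load` on the real file to run the same checks before `sls deploy`; the long-form `Fn::Join`/`Ref` intrinsics parse as plain dicts, so origins with an OAI still pass.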