Hosting assets from S3 via API Gateway.

cf.yaml

Resources:
  AssetsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${AWS::StackName}-assets
  GetAssetsRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - apigateway.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        -
          PolicyName: GetAssetsRolePolicy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              -
                Effect: Allow
                Resource: !Sub "arn:aws:s3:::${AWS::StackName}-assets"
                Action: "s3:GetObject"
  AssetsApiGateway:
    Type: "AWS::ApiGateway::RestApi"
    Properties:
      Name: !Ref ASSETSGATEWAY
  AssetsApiDeployment:
    Type: "AWS::ApiGateway::Deployment"
    Properties:
      RestApiId: !Ref AssetsApiGateway
      StageName: assets
      StageDescription:
        MetricsEnabled: true
        LoggingLevel: ERROR
        DataTraceEnabled: false
        CacheDataEncrypted: true
        CacheTtlInSeconds: 3600
        CachingEnabled: false
        CacheClusterEnabled: false
        CacheClusterSize: 0.5
        ThrottlingBurstLimit: 2000
        ThrottlingRateLimit: 5000
    DependsOn:
      - AssetsApiGatewayResourceGet
  AssetsApiGatewayResource:
    Type: "AWS::ApiGateway::Resource"
    Properties:
      RestApiId: !Ref AssetsApiGateway
      ParentId:
        Fn::GetAtt:
          - "AssetsApiGateway"
          - "RootResourceId"
      PathPart: "{proxy+}"
    DependsOn:
      - AssetsApiGateway
  AssetsApiGatewayResourceGet:
    Type: "AWS::ApiGateway::Method"
    DependsOn:
      - AssetsApiGatewayResource
    Properties:
      AuthorizationType: NONE
      HttpMethod: GET
      Integration:
        Type: AWS
        Credentials: !GetAtt GetAssetsRole.Arn
        CacheKeyParameters:
          - method.request.path.proxy
        IntegrationHttpMethod: GET
        IntegrationResponses:
          - StatusCode: 200
            ResponseParameters:
              method.response.header.Timestamp: integration.response.header.Date
              method.response.header.Content-Type: integration.response.header.Content-Type
              method.response.header.Content-Length: integration.response.header.Content-Length
        PassthroughBehavior: WHEN_NO_MATCH
        RequestParameters:
          integration.request.path.object: method.request.path.proxy
        Uri: !Sub "arn:aws:apigateway:${AWS::Region}:s3:path/${AWS::StackName}-assets/{object}"
      RequestParameters:
        method.request.path.proxy: true
      MethodResponses:
        - StatusCode: 200
          ResponseParameters:
            method.response.header.Timestamp: true
            method.response.header.Content-Type: true
            method.response.header.Content-Length: true
      ResourceId: !Ref AssetsApiGatewayResource
      RestApiId: !Ref AssetsApiGateway
  AssetsApiGatewayDomain:
    Type: AWS::ApiGateway::DomainName
    Properties:
      CertificateArn: !Ref CERTIFICATE
      DomainName: !Sub
          - "assets.${env}${domain}"
          - { env: !Ref ENV, domain: !Ref DOMAIN }
  AssetsApiGatewayBasePathMapping:
    Type: AWS::ApiGateway::BasePathMapping
    Properties:
      DomainName: !Ref AssetsApiGatewayDomain
      RestApiId: !Ref AssetsApiGateway
      Stage: assets
  AssetsApiGatewayDomainARecord:
    Type: AWS::Route53::RecordSet
    Properties:
      Type: A
      AliasTarget:
        DNSName: !GetAtt AssetsApiGatewayDomain.DistributionDomainName
        HostedZoneId: Z2FDTNDATAQYW2
      HostedZoneName: !Sub
        - "${domain}."
        - domain: !Ref DOMAIN
      Name: !Sub
        - "assets.${env}${domain}."
        - { env: !Ref ENV, domain: !Ref DOMAIN }