@giordanocardillo
Created February 9, 2022 10:50
CloudFormation S3 bucket + SSL + CloudFront distribution + OAI
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  BucketName:
    Type: String
    AllowedPattern: '^[A-Za-z0-9-]*$'
    ConstraintDescription: 'Must be a valid S3 bucket name'
    Description: 'Input the bucket name you want to create'
  CloudFrontDistributionCNAME:
    Type: String
    Description: 'Input the CloudFront distribution CNAME'
  ACMCertificateARN:
    Type: String
    Default: arn:aws:acm:us-east-1:052551819828:certificate/25234596-ae67-4b9f-bddf-4d2b28a1e5b0
    Description: 'Input the certificate ARN to associate it to the CloudFront distribution'
    # CloudFront only accepts certificates issued in us-east-1.
    AllowedPattern: '^arn:aws:acm:us-east-1:[0-9]{12}:certificate/.*$'
    ConstraintDescription: 'Must be a valid us-east-1 ACM ARN'
Resources:
  # Origin Access Identity: the only principal allowed to read from the bucket.
  OAI:
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Join [' ', [!Ref 'BucketName', 'OAI']]
  Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Ref BucketName
      # Block every form of public access; objects are served only through CloudFront.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  BucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      # Reference the Bucket resource rather than the parameter so CloudFormation
      # creates the bucket before attaching the policy.
      Bucket: !Ref Bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              AWS: !Join ['', ['arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ', !Ref OAI]]
            Action:
              - s3:GetObject
            Resource:
              - !Join ['', ['arn:aws:s3:::', !Ref 'BucketName', '/*']]
  Distribution:
    Type: 'AWS::CloudFront::Distribution'
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases:
          - !Ref CloudFrontDistributionCNAME
        DefaultRootObject: index.html
        HttpVersion: http2
        Origins:
          - Id: !Ref BucketName
            DomainName: !GetAtt Bucket.RegionalDomainName
            S3OriginConfig:
              OriginAccessIdentity: !Join ['', ['origin-access-identity/cloudfront/', !Ref OAI]]
        ViewerCertificate:
          AcmCertificateArn: !Ref ACMCertificateARN
          # Rejects TLS 1.0/1.1 clients; requires the SNI-only SSL support method.
          MinimumProtocolVersion: TLSv1.2_2021
          SslSupportMethod: sni-only
        DefaultCacheBehavior:
          Compress: true
          ViewerProtocolPolicy: redirect-to-https
          TargetOriginId: !Ref BucketName
          AllowedMethods:
            - GET
            - HEAD
          # AWS managed policies: CachingOptimized, CORS-S3Origin, CORS-With-Preflight.
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6
          OriginRequestPolicyId: 88a5eaf4-2fd4-4709-b370-b4c650ea3fcf
          ResponseHeadersPolicyId: 5cc3b908-e619-4b99-88e5-2cf7f45965bd
Outputs:
  # The DNS record to create at your provider so the CNAME resolves to the distribution.
  DNSEntry:
    Value: !Join ['', [!Ref 'CloudFrontDistributionCNAME', ' CNAME ', !GetAtt 'Distribution.DomainName', '.']]
```
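The template above relies on four settings to keep the bucket private and the edge encrypted: the public access block, a bucket policy scoped to the OAI, `redirect-to-https`, and `TLSv1.2_2021`. The following policy-as-code check is an added example (not part of the gist); `TEMPLATE` is a constructed, abridged copy of the gist's Bucket, BucketPolicy and Distribution resources in CloudFormation's JSON layout, with `example-bucket` and `EXAMPLEOAI` as placeholder values.

```python
"""Static checks for the S3 + CloudFront template on this page (added example, not the gist's code).
TEMPLATE is a constructed, abridged copy of the gist's three resources in CloudFormation's JSON layout."""
import copy

TEMPLATE = {"Resources": {
    "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "BlockPublicPolicy": True,
                                           "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "BucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {"Bucket": {"Ref": "Bucket"},
        "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*", "Principal": {  # placeholder values
                "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEOAI"}}]}}},
    "Distribution": {"Type": "AWS::CloudFront::Distribution", "Properties": {"DistributionConfig": {
        "Origins": [{"Id": "s3", "DomainName": "example-bucket.s3.eu-west-1.amazonaws.com",
                     "S3OriginConfig": {"OriginAccessIdentity": "origin-access-identity/cloudfront/EXAMPLEOAI"}}],
        "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.2_2021", "SslSupportMethod": "sni-only"},
        "DefaultCacheBehavior": {"TargetOriginId": "s3", "ViewerProtocolPolicy": "redirect-to-https"}}}}}}

PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def check_template(template):
    # Returns one finding per failed check; an empty list means the template passes.
    findings = []
    for name, res in template["Resources"].items():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(flag) is True for flag in PAB_FLAGS):
                findings.append(f"{name}: all four PublicAccessBlock flags must be true")
        elif res["Type"] == "AWS::S3::BucketPolicy":
            for stmt in props["PolicyDocument"]["Statement"]:
                if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
                    findings.append(f"{name}: Allow statement is open to any principal")
        elif res["Type"] == "AWS::CloudFront::Distribution":
            cfg = props["DistributionConfig"]
            if cfg["DefaultCacheBehavior"].get("ViewerProtocolPolicy") not in ("redirect-to-https", "https-only"):
                findings.append(f"{name}: viewers may connect over plain HTTP")
            if not cfg.get("ViewerCertificate", {}).get("MinimumProtocolVersion", "").startswith("TLSv1.2"):
                findings.append(f"{name}: TLS below 1.2 is accepted")
            for origin in cfg["Origins"]:  # an S3 origin without an OAI only works if the bucket is public
                if "S3OriginConfig" in origin and not origin["S3OriginConfig"].get("OriginAccessIdentity"):
                    findings.append(f"{name}: S3 origin {origin['Id']} has no OAI")
    return findings

def weakened_template():
    # Constructed counterexample: the same template with three protections loosened.
    t = copy.deepcopy(TEMPLATE)
    t["Resources"]["Bucket"]["Properties"]["PublicAccessBlockConfiguration"]["BlockPublicPolicy"] = False
    cfg = t["Resources"]["Distribution"]["Properties"]["DistributionConfig"]
    cfg["DefaultCacheBehavior"]["ViewerProtocolPolicy"] = "allow-all"
    cfg["Origins"][0]["S3OriginConfig"]["OriginAccessIdentity"] = ""
    return t
```

Run `check_template` over the weakened variant to see the three findings; the gist's own settings produce none.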