```yaml
AWSTemplateFormatVersion : '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: |
  Some infrastructure
Resources:
  S3HomeBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      AccessControl: PublicRead
      BucketName: the-site-home
  BucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      PolicyDocument:
        Id: S3HomeBucketPolicy
        Version: 2012-10-17
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref S3HomeBucket
                - /*
      Bucket: !Ref S3HomeBucket
  homePageDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: !Sub ${S3HomeBucket}.s3.amazonaws.com
            Id: myS3Origin
            S3OriginConfig:
              OriginAccessIdentity: origin-access-identity/cloudfront/my-id
        Enabled: True
        Comment: the static home page cdn
        DefaultRootObject: index.html
        Aliases:
          - the.info
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          TargetOriginId: myS3Origin
          ForwardedValues:
            QueryString: False
            Cookies:
              Forward: none
          ViewerProtocolPolicy: allow-all
        PriceClass: PriceClass_100
        ViewerCertificate:
          CloudFrontDefaultCertificate: True
  CloudfrontInvalidatingFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: nodejs8.10
      Handler: invalidateStaticFiles.handler
      Timeout: 60
      # This Environment block creates the circular dependency
      ## CF needs S3 to be created first
      #### Lambda needs CF and S3 to be created first
      ##### S3 needs S3->Lambda permission to be created first
      ###### [Fails] S3->Lambda permission needs Lambda to be created first
      ###### --> This circles back to point 2
      Environment:
        Variables:
          DISTRIBUTION_ID: !Ref homePageDistribution
      Events:
        AnyChange:
          Type: S3
          Properties:
            Bucket: !Ref S3HomeBucket
            Events: s3:*
  CloudfrontFunctionPermissions:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: "CloudfrontCacheInvalidation"
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: "Allow"
            Action: "cloudfront:CreateInvalidation"
            Resource: !Sub "arn:aws:cloudfront:${AWS::Region}::${AWS::AccountId}:${homePageDistribution}"
      Roles:
        - !Ref CloudfrontInvalidatingFunctionRole
Outputs:
  SiteBucketName:
    Description: the name of the s3 bucket referenced by cloudfront
    Value: !Ref S3HomeBucket
    Export:
      Name: the-site-home-bucket-name
  CloudFrontId:
    Description: the id of the cloudfront distribution for the
    Value: !Ref homePageDistribution
    Export:
      Name: the-site-cloudfront-distribution-id
```
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Some infrastructure
  '
Outputs:
  CloudFrontId:
    Description: the id of the cloudfront distribution for the
    Export:
      Name: the-site-cloudfront-distribution-id
    Value:
      Ref: homePageDistribution
  SiteBucketName:
    Description: the name of the s3 bucket referenced by cloudfront
    Export:
      Name: the-site-home-bucket-name
    Value:
      Ref: S3HomeBucket
Resources:
  BucketPolicy:
    Properties:
      Bucket:
        Ref: S3HomeBucket
      PolicyDocument:
        Id: S3HomeBucketPolicy
        Statement:
        - Action: s3:GetObject
          Effect: Allow
          Principal: '*'
          Resource:
            Fn::Join:
            - ''
            - - 'arn:aws:s3:::'
              - Ref: S3HomeBucket
              - /*
          Sid: PublicReadForGetBucketObjects
        Version: 2012-10-17
    Type: AWS::S3::BucketPolicy
  CloudfrontFunctionPermissions:
    Properties:
      PolicyDocument:
        Statement:
        - Action: cloudfront:CreateInvalidation
          Effect: Allow
          Resource:
            Fn::Sub: arn:aws:cloudfront:${AWS::Region}::${AWS::AccountId}:${homePageDistribution}
        Version: '2012-10-17'
      PolicyName: CloudfrontCacheInvalidation
      Roles:
      - Ref: CloudfrontInvalidatingFunctionRole
    Type: AWS::IAM::Policy
  CloudfrontInvalidatingFunction:
    Properties:
      Code:
        S3Bucket: bucket
        S3Key: value
      Environment:
        Variables:
          DISTRIBUTION_ID:
            Ref: homePageDistribution
      Handler: invalidateStaticFiles.handler
      Role:
        Fn::GetAtt:
        - CloudfrontInvalidatingFunctionRole
        - Arn
      Runtime: nodejs8.10
      Tags:
      - Key: lambda:createdBy
        Value: SAM
      Timeout: 60
    Type: AWS::Lambda::Function
  CloudfrontInvalidatingFunctionAnyChangePermission:
    Properties:
      Action: lambda:invokeFunction
      FunctionName:
        Ref: CloudfrontInvalidatingFunction
      Principal: s3.amazonaws.com
      SourceAccount:
        Ref: AWS::AccountId
    Type: AWS::Lambda::Permission
  CloudfrontInvalidatingFunctionRole:
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Action:
          - sts:AssumeRole
          Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
        Version: '2012-10-17'
      ManagedPolicyArns:
      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
    Type: AWS::IAM::Role
  S3HomeBucket:
    DependsOn:
    - CloudfrontInvalidatingFunctionAnyChangePermission
    Properties:
      AccessControl: PublicRead
      BucketName: the-site-home
      NotificationConfiguration:
        LambdaConfigurations:
        - Event: s3:*
          Function:
            Fn::GetAtt:
            - CloudfrontInvalidatingFunction
            - Arn
    Type: AWS::S3::Bucket
  homePageDistribution:
    Properties:
      DistributionConfig:
        Aliases:
        - the.info
        Comment: the static home page cdn
        DefaultCacheBehavior:
          AllowedMethods:
          - GET
          - HEAD
          - OPTIONS
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          TargetOriginId: myS3Origin
          ViewerProtocolPolicy: allow-all
        DefaultRootObject: index.html
        Enabled: true
        Origins:
        - DomainName:
            Fn::Sub: ${S3HomeBucket}.s3.amazonaws.com
          Id: myS3Origin
          S3OriginConfig:
            OriginAccessIdentity: origin-access-identity/cloudfront/my-id
        PriceClass: PriceClass_100
        ViewerCertificate:
          CloudFrontDefaultCertificate: true
    Type: AWS::CloudFront::Distribution
```
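The circular dependency described in the template comments can be found mechanically by following the `Ref`, `Fn::GetAtt`, `Fn::Sub` and `DependsOn` links of the transformed template above. This is an added example, not part of the original gist: `RESOURCES` is a hand-reduced copy of that template, and `references` and `find_cycle` are hypothetical helper names.

```python
import re

# Constructed input: only the dependency links of the transformed template on this page.
RESOURCES = {
    "S3HomeBucket": {
        "DependsOn": ["CloudfrontInvalidatingFunctionAnyChangePermission"],
        "Properties": {"NotificationConfiguration": {"LambdaConfigurations": [
            {"Function": {"Fn::GetAtt": ["CloudfrontInvalidatingFunction", "Arn"]}}]}}},
    "CloudfrontInvalidatingFunctionAnyChangePermission": {
        "Properties": {"FunctionName": {"Ref": "CloudfrontInvalidatingFunction"}}},
    "CloudfrontInvalidatingFunction": {"Properties": {
        "Role": {"Fn::GetAtt": ["CloudfrontInvalidatingFunctionRole", "Arn"]},
        "Environment": {"Variables": {"DISTRIBUTION_ID": {"Ref": "homePageDistribution"}}}}},
    "homePageDistribution": {"Properties": {"DistributionConfig": {"Origins": [
        {"DomainName": {"Fn::Sub": "${S3HomeBucket}.s3.amazonaws.com"}}]}}},
    "CloudfrontInvalidatingFunctionRole": {"Properties": {}},
}

def references(node, names):
    """Return the logical IDs in `names` that `node` refers to, at any depth."""
    if isinstance(node, list):
        return set().union(*(references(item, names) for item in node))
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key in ("Ref", "Fn::GetAtt"):  # GetAtt in list form: [LogicalId, Attr]
                found.add(value if key == "Ref" else value[0])
            elif key == "Fn::Sub" and isinstance(value, str):
                found.update(re.findall(r"\$\{([^}.]+)", value))
            elif key == "DependsOn":
                found.update([value] if isinstance(value, str) else value)
            else:
                found |= references(value, names)
    return found & names

def find_cycle(resources):
    """Depth-first search over creation order; returns one cycle as a list, or None."""
    graph = {n: sorted(references(body, set(resources))) for n, body in resources.items()}
    done = set()
    def visit(name, path):
        for dep in graph[name]:
            if dep in path:  # dep is still waiting on `name`: circular dependency
                return path[path.index(dep):] + [dep]
            cycle = None if dep in done else visit(dep, path + [dep])
            if cycle:
                return cycle
        done.add(name)
    starts = (visit(n, [n]) for n in sorted(graph) if n not in done)
    return next((c for c in starts if c), None)
```

With the `Environment` entry deleted from the function's properties, `find_cycle` returns `None`, which matches the comment in the source template that this block is what closes the loop.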