iDVB/_redirects

## _redirects
# Place this file in the route of your S3 bucket
# https://www.npmjs.com/package/middy-reroute

# Redirect with 301
/home           /
/google         https://www.google.com

# Redirect with 302
/my-redirect    /             302

# Rewrite a path
/pass-through   /index.html   200
/*              /index.html   200

# Custom 404
/ecommerce      /closed       404

# Placeholders
/news/:year/:month/:date/:slug    /blog/:date/:month/:year/:slug

# Splats
/news/*   /blog/:splat

# Proxying
/api/*  https://api.example.com/:splat  200

# Country
/  /china   302  Country=cn,hk,tw
/  /israel  302  Country=il

# Language
/china/*  /china/zh-cn/:splat  302  Language=zh

## lambda.js
'use strict';

const middy = require('middy');
const { reroute } = require('middy-reroute'); // https://www.npmjs.com/package/middy-reroute

const handler = middy((event, context, cb) => {
  const request = !!event.Records ? event.Records[0].cf.request : event;
  cb(null, request);
}).use(
  reroute({
    cacheTtl: 2,
  }),
);

module.exports = { handler };

## template.yaml
Transform: AWS::Serverless-2016-10-31

Globals:
  Function:
    Runtime: nodejs10.x
    Handler: index.handler

Parameters:
  DomainParam:
    Type: String
    Description: Domain to be extended with subdomains Eg. domain.com or sub.domain.com
  SSLCertARN:
    Type: String
    Description: WildCard SSL Certificate ARN

Resources:
  DefaultBucket:
    Type: AWS::S3::Bucket
  DefaultBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: DefaultBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          Effect: Allow
          Principal:
            AWS: !GetAtt OriginRequestRole.Arn
            CanonicalUser: !GetAtt CloudfrontOAI.S3CanonicalUserId
          Action:
            - s3:ListBucket
            - s3:GetObject
          Resource:
            - !Sub arn:aws:s3:::${DefaultBucket}
            - !Sub arn:aws:s3:::${DefaultBucket}/*
  OriginRequestFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/originrequest
      MemorySize: 512
      AutoPublishAlias: live
      Role: !GetAtt OriginRequestRole.Arn
  OriginRequestLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub /aws/lambda/${OriginRequestFunction}
      RetentionInDays: 3
  OriginRequestRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      RoleName: !Sub ${AWS::StackName}-originrequest-role
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
                - edgelambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: !Sub ${AWS::StackName}-originrequest-role
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                  - logs:DescribeLogStreams
                Resource: arn:aws:logs:*:*:*
  CloudfrontOAI:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub Created for ${AWS::StackName}
  CDN:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Sub "*.${DomainParam}"
        ViewerCertificate:
          AcmCertificateArn: !Ref SSLCertARN
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2018
        Enabled: true
        HttpVersion: http2
        PriceClass: PriceClass_All
        IPV6Enabled: true
        DefaultCacheBehavior:
          AllowedMethods:
            - DELETE
            - GET
            - HEAD
            - OPTIONS
            - PATCH
            - POST
            - PUT
          CachedMethods:
            - GET
            - HEAD
          Compress: true
          ForwardedValues:
            QueryString: true
            Cookies:
              Forward: none
            Headers:
              - Host
              - CloudFront-Viewer-Country
              - Accept-Language
          DefaultTTL: 0
          MaxTTL: 0
          MinTTL: 0
          TargetOriginId: WebsiteBucketOrigin
          ViewerProtocolPolicy: redirect-to-https
          LambdaFunctionAssociations:
            - EventType: origin-request
              LambdaFunctionARN: !Ref OriginRequestFunction.Version
        Origins:
          - DomainName: !GetAtt DefaultBucket.DomainName
            Id: WebsiteBucketOrigin
            S3OriginConfig:
              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudfrontOAI}
	# Place this file in the route of your S3 bucket
	# https://www.npmjs.com/package/middy-reroute

	# Redirect with 301
	/home /
	/google https://www.google.com

	# Redirect with 302
	/my-redirect / 302

	# Rewrite a path
	/pass-through /index.html 200
	/* /index.html 200

	# Custom 404
	/ecommerce /closed 404

	# Placeholders
	/news/:year/:month/:date/:slug /blog/:date/:month/:year/:slug

	# Splats
	/news/* /blog/:splat

	# Proxying
	/api/* https://api.example.com/:splat 200

	# Country
	/ /china 302 Country=cn,hk,tw
	/ /israel 302 Country=il

	# Language
	/china/* /china/zh-cn/:splat 302 Language=zh
	'use strict';

	const middy = require('middy');
	const { reroute } = require('middy-reroute'); // https://www.npmjs.com/package/middy-reroute

	const handler = middy((event, context, cb) => {
	const request = !!event.Records ? event.Records[0].cf.request : event;
	cb(null, request);
	}).use(
	reroute({
	cacheTtl: 2,
	}),
	);

	module.exports = { handler };
	Transform: AWS::Serverless-2016-10-31

	Globals:
	Function:
	Runtime: nodejs10.x
	Handler: index.handler

	Parameters:
	DomainParam:
	Type: String
	Description: Domain to be extended with subdomains Eg. domain.com or sub.domain.com
	SSLCertARN:
	Type: String
	Description: WildCard SSL Certificate ARN

	Resources:
	DefaultBucket:
	Type: AWS::S3::Bucket
	DefaultBucketPolicy:
	Type: AWS::S3::BucketPolicy
	Properties:
	Bucket:
	Ref: DefaultBucket
	PolicyDocument:
	Version: 2012-10-17
	Statement:
	Effect: Allow
	Principal:
	AWS: !GetAtt OriginRequestRole.Arn
	CanonicalUser: !GetAtt CloudfrontOAI.S3CanonicalUserId
	Action:
	- s3:ListBucket
	- s3:GetObject
	Resource:
	- !Sub arn:aws:s3:::${DefaultBucket}
	- !Sub arn:aws:s3:::${DefaultBucket}/*
	OriginRequestFunction:
	Type: AWS::Serverless::Function
	Properties:
	CodeUri: src/originrequest
	MemorySize: 512
	AutoPublishAlias: live
	Role: !GetAtt OriginRequestRole.Arn
	OriginRequestLogGroup:
	Type: AWS::Logs::LogGroup
	Properties:
	LogGroupName: !Sub /aws/lambda/${OriginRequestFunction}
	RetentionInDays: 3
	OriginRequestRole:
	Type: AWS::IAM::Role
	Properties:
	Path: /
	RoleName: !Sub ${AWS::StackName}-originrequest-role
	AssumeRolePolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Principal:
	Service:
	- lambda.amazonaws.com
	- edgelambda.amazonaws.com
	Action: sts:AssumeRole
	Policies:
	- PolicyName: !Sub ${AWS::StackName}-originrequest-role
	PolicyDocument:
	Version: 2012-10-17
	Statement:
	- Effect: Allow
	Action:
	- logs:CreateLogGroup
	- logs:CreateLogStream
	- logs:PutLogEvents
	- logs:DescribeLogStreams
	Resource: arn:aws:logs:::*
	CloudfrontOAI:
	Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
	Properties:
	CloudFrontOriginAccessIdentityConfig:
	Comment: !Sub Created for ${AWS::StackName}
	CDN:
	Type: AWS::CloudFront::Distribution
	Properties:
	DistributionConfig:
	Aliases:
	- !Sub "*.${DomainParam}"
	ViewerCertificate:
	AcmCertificateArn: !Ref SSLCertARN
	SslSupportMethod: sni-only
	MinimumProtocolVersion: TLSv1.2_2018
	Enabled: true
	HttpVersion: http2
	PriceClass: PriceClass_All
	IPV6Enabled: true
	DefaultCacheBehavior:
	AllowedMethods:
	- DELETE
	- GET
	- HEAD
	- OPTIONS
	- PATCH
	- POST
	- PUT
	CachedMethods:
	- GET
	- HEAD
	Compress: true
	ForwardedValues:
	QueryString: true
	Cookies:
	Forward: none
	Headers:
	- Host
	- CloudFront-Viewer-Country
	- Accept-Language
	DefaultTTL: 0
	MaxTTL: 0
	MinTTL: 0
	TargetOriginId: WebsiteBucketOrigin
	ViewerProtocolPolicy: redirect-to-https
	LambdaFunctionAssociations:
	- EventType: origin-request
	LambdaFunctionARN: !Ref OriginRequestFunction.Version
	Origins:
	- DomainName: !GetAtt DefaultBucket.DomainName
	Id: WebsiteBucketOrigin
	S3OriginConfig:
	OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudfrontOAI}