AWS CloudFormation Templates: CloudFront distribution with an S3 origin and SSL for static pages

## s3-cf-ssl.yml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'CloudFront distribution with an S3 origin for static pages'

Parameters:
  domainName:
    Description: 'Domain name for your website (example.com)'
    Type: 'String'
  acmCertArn:
    Description: 'ACM Certification ARN (in us-east-1 region)'
    Type: 'String'
  app:
    Description: 'App name tag'
    Type: 'String'
  env:
    Description: 'Environment tag'
    Type: 'String'

Resources:
  bucket:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: 'Delete' # Dont't panic: you must delete all objects in the bucket for deletion to succeed
    Properties:
      BucketName: !Ref domainName
      AccessControl: 'Private'
      WebsiteConfiguration:
        IndexDocument: 'index.html'
        ErrorDocument: 'error.html'
      Tags:
        - Key: 'app'
          Value: !Ref app
        - Key: 'env'
          Value: !Ref env

  bucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Metadata:
      Comment: 'Bucket policy to allow cloudfront to access the data'
    Properties:
      Bucket: !Ref bucket
      PolicyDocument:
        Statement:
          - Action:
              - 's3:GetObject'
            Effect: 'Allow'
            Principal:
              CanonicalUser: !GetAtt cfOriginAccessIdentity.S3CanonicalUserId
            Resource:
              - !Sub 'arn:aws:s3:::${bucket}/*'

  cfDistribution:
    Metadata:
      Comment: 'CloudFront distribution with an S3 origin for static pages'
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref domainName
        DefaultCacheBehavior:
          TargetOriginId: !Sub 's3-origin-${bucket}'
          ViewerProtocolPolicy: 'redirect-to-https'
          ForwardedValues:
            QueryString: false
        DefaultRootObject: 'index.html'
        Enabled: true
        Origins:
          - DomainName: !GetAtt bucket.DomainName
            Id: !Sub 's3-origin-${bucket}'
            OriginPath: ''
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${cfOriginAccessIdentity}'
        ViewerCertificate:
          SslSupportMethod: 'sni-only'
          AcmCertificateArn: !Ref acmCertArn
      Tags:
        - Key: 'app'
          Value: !Ref app
        - Key: 'env'
          Value: !Ref env
    Type: 'AWS::CloudFront::Distribution'

  cfOriginAccessIdentity:
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: 'Access S3 bucket content only through CloudFront'

Outputs:
  bucketName:
    Description: 'Bucket name'
    Value: !Ref bucket
  cfDistributionId:
    Description: 'Id for our cloudfront distribution'
    Value: !Ref cfDistribution
  cfDistributionDomainName:
    Description: 'Domain name for our cloudfront distribution'
    Value: !GetAtt cfDistribution.DomainName
	AWSTemplateFormatVersion: '2010-09-09'
	Description: 'CloudFront distribution with an S3 origin for static pages'

	Parameters:
	domainName:
	Description: 'Domain name for your website (example.com)'
	Type: 'String'
	acmCertArn:
	Description: 'ACM Certification ARN (in us-east-1 region)'
	Type: 'String'
	app:
	Description: 'App name tag'
	Type: 'String'
	env:
	Description: 'Environment tag'
	Type: 'String'

	Resources:
	bucket:
	Type: 'AWS::S3::Bucket'
	DeletionPolicy: 'Delete' # Dont't panic: you must delete all objects in the bucket for deletion to succeed
	Properties:
	BucketName: !Ref domainName
	AccessControl: 'Private'
	WebsiteConfiguration:
	IndexDocument: 'index.html'
	ErrorDocument: 'error.html'
	Tags:
	- Key: 'app'
	Value: !Ref app
	- Key: 'env'
	Value: !Ref env

	bucketPolicy:
	Type: 'AWS::S3::BucketPolicy'
	Metadata:
	Comment: 'Bucket policy to allow cloudfront to access the data'
	Properties:
	Bucket: !Ref bucket
	PolicyDocument:
	Statement:
	- Action:
	- 's3:GetObject'
	Effect: 'Allow'
	Principal:
	CanonicalUser: !GetAtt cfOriginAccessIdentity.S3CanonicalUserId
	Resource:
	- !Sub 'arn:aws:s3:::${bucket}/*'

	cfDistribution:
	Metadata:
	Comment: 'CloudFront distribution with an S3 origin for static pages'
	Properties:
	DistributionConfig:
	Aliases:
	- !Ref domainName
	DefaultCacheBehavior:
	TargetOriginId: !Sub 's3-origin-${bucket}'
	ViewerProtocolPolicy: 'redirect-to-https'
	ForwardedValues:
	QueryString: false
	DefaultRootObject: 'index.html'
	Enabled: true
	Origins:
	- DomainName: !GetAtt bucket.DomainName
	Id: !Sub 's3-origin-${bucket}'
	OriginPath: ''
	S3OriginConfig:
	OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${cfOriginAccessIdentity}'
	ViewerCertificate:
	SslSupportMethod: 'sni-only'
	AcmCertificateArn: !Ref acmCertArn
	Tags:
	- Key: 'app'
	Value: !Ref app
	- Key: 'env'
	Value: !Ref env
	Type: 'AWS::CloudFront::Distribution'

	cfOriginAccessIdentity:
	Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
	Properties:
	CloudFrontOriginAccessIdentityConfig:
	Comment: 'Access S3 bucket content only through CloudFront'

	Outputs:
	bucketName:
	Description: 'Bucket name'
	Value: !Ref bucket
	cfDistributionId:
	Description: 'Id for our cloudfront distribution'
	Value: !Ref cfDistribution
	cfDistributionDomainName:
	Description: 'Domain name for our cloudfront distribution'
	Value: !GetAtt cfDistribution.DomainName