knzm/cf-cloudfront-template.yml

## cf-cloudfront-template.yml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  Env: {Type: String, Default: dev, AllowedValues: [dev, stg, prod]}
  CanonicalName:
    Type: String
    Description: CNAME for the distribution.
  CloudFrontDefaultCertificate:
    Type: String
    AllowedValues: [true, false]
    Default: true
    Description: Whether CloudFront uses the default certificate.
  AcmCertificateArn:
    Type: String
    Default: ""
    Description: ARN of ACM Certificate to be used.
  IamCertificateId:
    Type: String
    Default: ""
    Description: ARN of IAM Certificate to be used.
  SslSupportMethod:
    Type: String
    AllowedValues: [vip, sni-only]
    Default: sni-only
    Description: How CloudFront serves HTTPS requests.
Conditions:
  HasCanonicalName: !Not [!Equals [!Ref CanonicalName, ""]]
  UseDefaultCertificate: !Equals [!Ref CloudFrontDefaultCertificate, "true"]
  UseAcmCertificate: !Not [!Equals [!Ref AcmCertificateArn, ""]]
  UseIamCertificate: !Not [!Equals [!Ref IamCertificateId, ""]]
Resources:
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        ...
        Aliases:
          Fn::If:
            - HasCanonicalName
            - [!Ref CanonicalName]
            - !Ref AWS::NoValue
        ViewerCertificate:
          Fn::If:
            - UseDefaultCertificate
            -
              CloudFrontDefaultCertificate: true
            - Fn::If:
                - UseAcmCertificate
                -
                  AcmCertificateArn: !Ref AcmCertificateArn
                  SslSupportMethod: !Ref SslSupportMethod
                - Fn::If:
                    - UseIamCertificate
                    -
                      IamCertificateId: !Ref IamCertificateId
                      SslSupportMethod: !Ref SslSupportMethod
                    - !Ref AWS::NoValue
	AWSTemplateFormatVersion: 2010-09-09
	Parameters:
	Env: {Type: String, Default: dev, AllowedValues: [dev, stg, prod]}
	CanonicalName:
	Type: String
	Description: CNAME for the distribution.
	CloudFrontDefaultCertificate:
	Type: String
	AllowedValues: [true, false]
	Default: true
	Description: Whether CloudFront uses the default certificate.
	AcmCertificateArn:
	Type: String
	Default: ""
	Description: ARN of ACM Certificate to be used.
	IamCertificateId:
	Type: String
	Default: ""
	Description: ARN of IAM Certificate to be used.
	SslSupportMethod:
	Type: String
	AllowedValues: [vip, sni-only]
	Default: sni-only
	Description: How CloudFront serves HTTPS requests.
	Conditions:
	HasCanonicalName: !Not [!Equals [!Ref CanonicalName, ""]]
	UseDefaultCertificate: !Equals [!Ref CloudFrontDefaultCertificate, "true"]
	UseAcmCertificate: !Not [!Equals [!Ref AcmCertificateArn, ""]]
	UseIamCertificate: !Not [!Equals [!Ref IamCertificateId, ""]]
	Resources:
	Distribution:
	Type: AWS::CloudFront::Distribution
	Properties:
	DistributionConfig:
	...
	Aliases:
	Fn::If:
	- HasCanonicalName
	- [!Ref CanonicalName]
	- !Ref AWS::NoValue
	ViewerCertificate:
	Fn::If:
	- UseDefaultCertificate
	-
	CloudFrontDefaultCertificate: true
	- Fn::If:
	- UseAcmCertificate
	-
	AcmCertificateArn: !Ref AcmCertificateArn
	SslSupportMethod: !Ref SslSupportMethod
	- Fn::If:
	- UseIamCertificate
	-
	IamCertificateId: !Ref IamCertificateId
	SslSupportMethod: !Ref SslSupportMethod
	- !Ref AWS::NoValue