@nmagee
Last active February 7, 2022 20:17
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Simple CloudFront distribution with an S3 origin'
Parameters:
  S3BucketName:
    Type: String
    Description: The name for the S3 bucket - must be unique across all of AWS
    AllowedPattern: '^[a-z0-9]{5,40}$'
Resources:
  # Private bucket; objects are readable only through the policy below.
  S3Bucket:
    DeletionPolicy: Delete
    Metadata:
      Comment: 'Bucket to store some data'
    Properties:
      BucketName: !Ref S3BucketName
      AccessControl: Private
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
    Type: 'AWS::S3::Bucket'
  # Grants s3:GetObject to the CloudFront origin access identity only.
  S3BucketPolicy:
    Metadata:
      Comment: 'Bucket policy to allow cloudfront to access the data'
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Id: PubWebPolicy
        Version: '2012-10-17'
        Statement:
          - Action:
              - 's3:GetObject'
            Effect: 'Allow'
            Principal:
              CanonicalUser: !GetAtt CfOriginAccessIdentity.S3CanonicalUserId
            Resource:
              - !Sub 'arn:aws:s3:::${S3Bucket}/*'
    Type: 'AWS::S3::BucketPolicy'
    DeletionPolicy: Delete
  CfDistribution:
    Metadata:
      Comment: 'A simple CloudFront distribution with an S3 origin'
    Properties:
      DistributionConfig:
        Comment: 'A simple distribution with an S3 origin'
        DefaultCacheBehavior:
          # Read-only methods; viewers are redirected from HTTP to HTTPS.
          AllowedMethods:
            - 'HEAD'
            - 'GET'
          CachedMethods:
            - 'HEAD'
            - 'GET'
          Compress: false
          DefaultTTL: 86400
          ForwardedValues:
            Cookies:
              Forward: 'none'
            Headers:
              - 'Origin'
            QueryString: false
          MaxTTL: 31536000
          MinTTL: 86400
          TargetOriginId: !Sub 's3-origin-${S3Bucket}'
          ViewerProtocolPolicy: 'redirect-to-https'
        DefaultRootObject: 'index.html'
        Enabled: true
        HttpVersion: 'http1.1'
        IPV6Enabled: false
        Origins:
          # REST endpoint of the bucket, accessed with the origin access identity.
          - DomainName: !GetAtt S3Bucket.DomainName
            Id: !Sub 's3-origin-${S3Bucket}'
            OriginPath: ''
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
        PriceClass: 'PriceClass_All'
    Type: 'AWS::CloudFront::Distribution'
  CfOriginAccessIdentity:
    Metadata:
      Comment: 'Access S3 bucket content only through CloudFront'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: 'Access S3 bucket content only through CloudFront'
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
Outputs:
  S3BucketName:
    Description: 'Bucket name'
    Value: !Ref S3Bucket
  CfDistributionId:
    Description: 'Id for our cloudfront distribution'
    Value: !Ref CfDistribution
  CfDistributionDomainName:
    Description: 'Domain name for our cloudfront distribution'
    Value: !GetAtt CfDistribution.DomainName
  # The S3 website endpoint does not use the origin access identity, so with the
  # private bucket and policy above, requests to this URL are denied; serve
  # content through CfDistributionDomainName.
  WebsiteURL:
    Value: !GetAtt
      - S3Bucket
      - WebsiteURL
    Description: 'URL for website hosted on S3'