nmagee/s3-cloudfront.template

## s3-cloudfront.template
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Simple CloudFront distribution with an S3 origin'

Parameters:
  S3BucketName:
    Type: String
    Description: The name for the S3 bucket - must be unique across all of AWS
    AllowedPattern: '^[a-z0-9]{5,40}$'

Resources:
  S3Bucket:
    DeletionPolicy: 'Delete'
    Metadata:
      Comment: 'Bucket to store some data'
    Properties:
      BucketName: !Ref S3BucketName
      AccessControl: Private
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Delete

  S3BucketPolicy:
    Metadata:
      Comment: 'Bucket policy to allow cloudfront to access the data'
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Id: PubWebPolicy
        Version: 2012-10-17
        Statement:
          - Action:
              - 's3:GetObject'
            Effect: 'Allow'
            Principal:
              CanonicalUser: !GetAtt CfOriginAccessIdentity.S3CanonicalUserId
            Resource:
              - !Sub 'arn:aws:s3:::${S3Bucket}/*'
    Type: 'AWS::S3::BucketPolicy'
    DeletionPolicy: Delete

  CfDistribution:
    Metadata:
      Comment: 'A simple CloudFront distribution with an S3 origin'
    Properties:
      DistributionConfig:
        Comment: 'A simple distribution with an S3 origin'
        DefaultCacheBehavior:
          AllowedMethods:
            - 'HEAD'
            - 'GET'
          CachedMethods:
            - 'HEAD'
            - 'GET'
          Compress: false
          DefaultTTL: 86400
          ForwardedValues:
            Cookies:
              Forward: 'none'
            Headers:
              - 'Origin'
            QueryString: false
          MaxTTL: 31536000
          MinTTL: 86400
          TargetOriginId: !Sub 's3-origin-${S3Bucket}'
          ViewerProtocolPolicy: 'redirect-to-https'
        DefaultRootObject: 'index.html'
        Enabled: true
        HttpVersion: 'http1.1'
        IPV6Enabled: false
        Origins:
          - DomainName: !GetAtt S3Bucket.DomainName
            Id: !Sub 's3-origin-${S3Bucket}'
            OriginPath: ''
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
        PriceClass: 'PriceClass_All'
    Type: 'AWS::CloudFront::Distribution'

  CfOriginAccessIdentity:
    Metadata:
      Comment: 'Access S3 bucket content only through CloudFront'
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: 'Access S3 bucket content only through CloudFront'
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'

Outputs:
  S3BucketName:
    Description: 'Bucket name'
    Value: !Ref S3Bucket
  CfDistributionId:
    Description: 'Id for our cloudfront distribution'
    Value: !Ref CfDistribution
  CfDistributionDomainName:
    Description: 'Domain name for our cloudfront distribution'
    Value: !GetAtt CfDistribution.DomainName
  WebsiteURL:
    Value: !GetAtt
      - S3Bucket
      - WebsiteURL
    Description: 'URL for website hosted on S3'
	AWSTemplateFormatVersion: '2010-09-09'
	Description: 'Simple CloudFront distribution with an S3 origin'

	Parameters:
	S3BucketName:
	Type: String
	Description: The name for the S3 bucket - must be unique across all of AWS
	AllowedPattern: '^[a-z0-9]{5,40}$'

	Resources:
	S3Bucket:
	DeletionPolicy: 'Delete'
	Metadata:
	Comment: 'Bucket to store some data'
	Properties:
	BucketName: !Ref S3BucketName
	AccessControl: Private
	WebsiteConfiguration:
	IndexDocument: index.html
	ErrorDocument: error.html
	Type: 'AWS::S3::Bucket'
	DeletionPolicy: Delete

	S3BucketPolicy:
	Metadata:
	Comment: 'Bucket policy to allow cloudfront to access the data'
	Properties:
	Bucket: !Ref S3Bucket
	PolicyDocument:
	Id: PubWebPolicy
	Version: 2012-10-17
	Statement:
	- Action:
	- 's3:GetObject'
	Effect: 'Allow'
	Principal:
	CanonicalUser: !GetAtt CfOriginAccessIdentity.S3CanonicalUserId
	Resource:
	- !Sub 'arn:aws:s3:::${S3Bucket}/*'
	Type: 'AWS::S3::BucketPolicy'
	DeletionPolicy: Delete

	CfDistribution:
	Metadata:
	Comment: 'A simple CloudFront distribution with an S3 origin'
	Properties:
	DistributionConfig:
	Comment: 'A simple distribution with an S3 origin'
	DefaultCacheBehavior:
	AllowedMethods:
	- 'HEAD'
	- 'GET'
	CachedMethods:
	- 'HEAD'
	- 'GET'
	Compress: false
	DefaultTTL: 86400
	ForwardedValues:
	Cookies:
	Forward: 'none'
	Headers:
	- 'Origin'
	QueryString: false
	MaxTTL: 31536000
	MinTTL: 86400
	TargetOriginId: !Sub 's3-origin-${S3Bucket}'
	ViewerProtocolPolicy: 'redirect-to-https'
	DefaultRootObject: 'index.html'
	Enabled: true
	HttpVersion: 'http1.1'
	IPV6Enabled: false
	Origins:
	- DomainName: !GetAtt S3Bucket.DomainName
	Id: !Sub 's3-origin-${S3Bucket}'
	OriginPath: ''
	S3OriginConfig:
	OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
	PriceClass: 'PriceClass_All'
	Type: 'AWS::CloudFront::Distribution'

	CfOriginAccessIdentity:
	Metadata:
	Comment: 'Access S3 bucket content only through CloudFront'
	Properties:
	CloudFrontOriginAccessIdentityConfig:
	Comment: 'Access S3 bucket content only through CloudFront'
	Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'

	Outputs:
	S3BucketName:
	Description: 'Bucket name'
	Value: !Ref S3Bucket
	CfDistributionId:
	Description: 'Id for our cloudfront distribution'
	Value: !Ref CfDistribution
	CfDistributionDomainName:
	Description: 'Domain name for our cloudfront distribution'
	Value: !GetAtt CfDistribution.DomainName
	WebsiteURL:
	Value: !GetAtt
	- S3Bucket
	- WebsiteURL
	Description: 'URL for website hosted on S3'