sato11/website-template.yml

## website-template.yml
AWSTemplateFormatVersion: 2010-09-09
Description: |
  A stack to manage an S3 bucket for hosting a static website,
  a Route 53 DNS record for using a custom domain,
  and a CloudFront Distribution for high availability.

Parameters:
  AcmCertificateArn:
    Type: String
    Description: The ARN of ACM certificate.
    AllowedPattern: arn:aws:acm:.*
  DomainName:
    Type: String
    Description: The domain on which you want your website to be hosted.
    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
    ConstraintDescription: must be a valid DNS zone name.
  HostedZone:
    Type: String
    Description: The name of an existing Amazon Route 53 hosted zone.
    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
    ConstraintDescription: must be a valid DNS zone name.

Resources:
  WebsiteBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      AccessControl: PublicRead
      BucketName: !Ref DomainName
      WebsiteConfiguration:
        IndexDocument: index.html
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WebsiteBucket
      PolicyDocument:
        Id: WebsiteBucketPolicy
        Version: 2012-10-17
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Sub 'arn:aws:s3:::${WebsiteBucket}/*'
  WebsiteCloudfront:
    Type: AWS::CloudFront::Distribution
    DependsOn:
      - WebsiteBucket
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        Comment: !Sub ${DomainName} static website bucket
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          Compress: true
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: true
          TargetOriginId: S3Origin
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        Enabled: true
        HttpVersion: 'http2'
        Origins:
          - DomainName: !Select [2, !Split ['/', !GetAtt WebsiteBucket.WebsiteURL]]
            Id: S3Origin
            CustomOriginConfig:
              HTTPPort: '80'
              HTTPSPort: '443'
              OriginProtocolPolicy: http-only
        PriceClass: PriceClass_All
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          SslSupportMethod: sni-only
  WebsiteDNSName:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneName: !Sub '${HostedZone}.'
      RecordSets:
        - Name: !Ref DomainName
          Type: A
          AliasTarget:
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt [WebsiteCloudfront, DomainName]
	AWSTemplateFormatVersion: 2010-09-09
	Description: \|
	A stack to manage an S3 bucket for hosting a static website,
	a Route 53 DNS record for using a custom domain,
	and a CloudFront Distribution for high availability.

	Parameters:
	AcmCertificateArn:
	Type: String
	Description: The ARN of ACM certificate.
	AllowedPattern: arn:aws:acm:.*
	DomainName:
	Type: String
	Description: The domain on which you want your website to be hosted.
	AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
	ConstraintDescription: must be a valid DNS zone name.
	HostedZone:
	Type: String
	Description: The name of an existing Amazon Route 53 hosted zone.
	AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
	ConstraintDescription: must be a valid DNS zone name.

	Resources:
	WebsiteBucket:
	Type: AWS::S3::Bucket
	DeletionPolicy: Retain
	Properties:
	AccessControl: PublicRead
	BucketName: !Ref DomainName
	WebsiteConfiguration:
	IndexDocument: index.html
	WebsiteBucketPolicy:
	Type: AWS::S3::BucketPolicy
	Properties:
	Bucket: !Ref WebsiteBucket
	PolicyDocument:
	Id: WebsiteBucketPolicy
	Version: 2012-10-17
	Statement:
	- Sid: PublicReadForGetBucketObjects
	Effect: Allow
	Principal: '*'
	Action: 's3:GetObject'
	Resource: !Sub 'arn:aws:s3:::${WebsiteBucket}/*'
	WebsiteCloudfront:
	Type: AWS::CloudFront::Distribution
	DependsOn:
	- WebsiteBucket
	Properties:
	DistributionConfig:
	Aliases:
	- !Ref DomainName
	Comment: !Sub ${DomainName} static website bucket
	DefaultCacheBehavior:
	AllowedMethods:
	- GET
	- HEAD
	Compress: true
	ForwardedValues:
	Cookies:
	Forward: none
	QueryString: true
	TargetOriginId: S3Origin
	ViewerProtocolPolicy: redirect-to-https
	DefaultRootObject: index.html
	Enabled: true
	HttpVersion: 'http2'
	Origins:
	- DomainName: !Select [2, !Split ['/', !GetAtt WebsiteBucket.WebsiteURL]]
	Id: S3Origin
	CustomOriginConfig:
	HTTPPort: '80'
	HTTPSPort: '443'
	OriginProtocolPolicy: http-only
	PriceClass: PriceClass_All
	ViewerCertificate:
	AcmCertificateArn: !Ref AcmCertificateArn
	SslSupportMethod: sni-only
	WebsiteDNSName:
	Type: AWS::Route53::RecordSetGroup
	Properties:
	HostedZoneName: !Sub '${HostedZone}.'
	RecordSets:
	- Name: !Ref DomainName
	Type: A
	AliasTarget:
	HostedZoneId: Z2FDTNDATAQYW2
	DNSName: !GetAtt [WebsiteCloudfront, DomainName]