Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
AWS CloudFormation for HTTPS static website hosting using S3, CloudFront, and ACM
AWSTemplateFormatVersion: 2010-09-09
Parameters:
RootDomainName:
Type: String
Mappings:
RegionMap:
us-east-1:
S3HostedZoneID: Z3AQBSTGFYJSTF
S3WebsiteEndpoint: s3-website-us-east-1.amazonaws.com
us-west-1:
S3HostedZoneID: Z2F56UZL2M1ACD
S3WebsiteEndpoint: s3-website-us-west-1.amazonaws.com
us-west-2:
S3HostedZoneID: Z3BJ6K6RIION7M
S3WebsiteEndpoint: s3-website-us-west-2.amazonaws.com
eu-west-1:
S3HostedZoneID: Z1BKCTXD74EZPE
S3WebsiteEndpoint: s3-website-eu-west-1.amazonaws.com
ap-southeast-1:
S3HostedZoneID: Z3O0J2DXBE1FTB
S3WebsiteEndpoint: s3-website-ap-southeast-1.amazonaws.com
ap-southeast-2:
S3HostedZoneID: Z1WCIGYICN2BYD
S3WebsiteEndpoint: s3-website-ap-southeast-2.amazonaws.com
ap-northeast-1:
S3HostedZoneID: Z2M4EHUR26P7ZW
S3WebsiteEndpoint: s3-website-ap-northeast-1.amazonaws.com
sa-east-1:
S3HostedZoneID: Z31GFT0UA1I2HV
S3WebsiteEndpoint: s3-website-sa-east-1.amazonaws.com
Resources:
RootCertificate:
Type: 'AWS::CertificateManager::Certificate'
Properties:
DomainName: !Ref RootDomainName
SubdomainCertificate:
Type: 'AWS::CertificateManager::Certificate'
Properties:
DomainName: !Sub
- '*.${Domain}'
- Domain: !Ref RootDomainName
PublicWebsiteRootBucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: !Ref RootDomainName
AccessControl: PublicRead
WebsiteConfiguration:
RedirectAllRequestsTo:
HostName: !Ref PublicWebsiteWwwBucket
PublicWebsiteWwwBucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: !Sub
- www.${Domain}
- Domain: !Ref RootDomainName
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: 404.html
PublicRootBucketPolicy:
Type: 'AWS::S3::BucketPolicy'
Properties:
PolicyDocument:
Id: PublicWebsitePolicy
Version: 2012-10-17
Statement:
- Sid: PublicReadForGetBucketObjects
Effect: Allow
Principal: '*'
Action: 's3:GetObject'
Resource: !Join
- ''
- - 'arn:aws:s3:::'
- !Ref PublicWebsiteRootBucket
- /*
Bucket: !Ref PublicWebsiteRootBucket
PublicWwwBucketPolicy:
Type: 'AWS::S3::BucketPolicy'
Properties:
PolicyDocument:
Id: PublicWebsitePolicy
Version: 2012-10-17
Statement:
- Sid: PublicReadForGetBucketObjects
Effect: Allow
Principal: '*'
Action: 's3:GetObject'
Resource: !Join
- ''
- - 'arn:aws:s3:::'
- !Ref PublicWebsiteWwwBucket
- /*
Bucket: !Ref PublicWebsiteWwwBucket
PublicWebsiteRootCloudfront:
Type: AWS::CloudFront::Distribution
DependsOn:
- PublicWebsiteRootBucket
Properties:
DistributionConfig:
Comment: CloudFront to S3 - root
Origins:
- DomainName: !Join
- '.'
- - !Ref 'RootDomainName'
- !FindInMap [RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint]
Id: S3RootOrigin
CustomOriginConfig:
HTTPPort: '80'
HTTPSPort: '443'
OriginProtocolPolicy: http-only
Enabled: true
HttpVersion: 'http2'
DefaultRootObject: index.html
Aliases:
- !Ref 'RootDomainName'
DefaultCacheBehavior:
AllowedMethods:
- GET
- HEAD
Compress: true
TargetOriginId: S3RootOrigin
ForwardedValues:
QueryString: true
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
PriceClass: PriceClass_All
ViewerCertificate:
AcmCertificateArn: !Ref RootCertificate
SslSupportMethod: sni-only
PublicWebsiteWwwCloudfront:
Type: AWS::CloudFront::Distribution
DependsOn:
- PublicWebsiteWwwBucket
Properties:
DistributionConfig:
Comment: CloudFront to S3 - www
Origins:
- DomainName: !Join
- '.'
- - 'www'
- !Ref 'RootDomainName'
- !FindInMap [RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint]
Id: S3WwwOrigin
CustomOriginConfig:
HTTPPort: '80'
HTTPSPort: '443'
OriginProtocolPolicy: http-only
Enabled: true
HttpVersion: 'http2'
DefaultRootObject: index.html
Aliases:
- !Join
- '.'
- - 'www'
- !Ref 'RootDomainName'
DefaultCacheBehavior:
AllowedMethods:
- GET
- HEAD
Compress: true
DefaultTTL: 3600
TargetOriginId: S3WwwOrigin
ForwardedValues:
QueryString: true
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
PriceClass: PriceClass_All
ViewerCertificate:
AcmCertificateArn: !Ref SubdomainCertificate
SslSupportMethod: sni-only
HostedZone:
Type: 'AWS::Route53::HostedZone'
Properties:
Name: !Ref RootDomainName
DNS:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneName: !Sub
- ${Domain}.
- Domain: !Ref RootDomainName
RecordSets:
- Name: !Ref 'RootDomainName'
Type: A
AliasTarget:
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !GetAtt [PublicWebsiteRootCloudfront, DomainName]
- Name: !Join
- '.'
- - 'www'
- !Ref 'RootDomainName'
Type: A
AliasTarget:
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !GetAtt [PublicWebsiteWwwCloudfront, DomainName]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.