@stu-smith
Created December 28, 2017 19:15
AWS CloudFormation for HTTPS static website hosting using S3, CloudFront, and ACM
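# Quoted so a YAML 1.1 loader keeps the version as a string, not a date.
AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  # The apex domain (no "www." prefix, no trailing dot). This value is used
  # verbatim as an S3 bucket name, a Route 53 zone name, certificate subject
  # names and CloudFront aliases, so it is validated before any resource is
  # created.
  RootDomainName:
    Type: String
    Description: Apex domain of the site, for example "example.com".
    # Lowercase DNS labels separated by dots; S3 bucket names must be
    # lowercase, so mixed-case input would fail later in the deployment anyway.
    AllowedPattern: '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
    ConstraintDescription: >-
      Must be a lowercase domain name such as example.com, without a
      scheme, path or trailing dot.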
Mappings:
  # Per-region S3 static-website endpoint data, looked up with
  # !FindInMap [RegionMap, !Ref 'AWS::Region', ...].
  #
  # Only the eight regions listed here are covered; deploying the stack in
  # any other region makes the FindInMap lookup fail.
  #
  # S3HostedZoneID is not referenced by any resource visible in this
  # template (only S3WebsiteEndpoint is). Verify the IDs against the current
  # AWS endpoint table before relying on them for alias records.
  RegionMap:
    us-east-1:
      S3HostedZoneID: Z3AQBSTGFYJSTF
      S3WebsiteEndpoint: s3-website-us-east-1.amazonaws.com

    us-west-1:
      S3HostedZoneID: Z2F56UZL2M1ACD
      S3WebsiteEndpoint: s3-website-us-west-1.amazonaws.com

    us-west-2:
      S3HostedZoneID: Z3BJ6K6RIION7M
      S3WebsiteEndpoint: s3-website-us-west-2.amazonaws.com

    eu-west-1:
      S3HostedZoneID: Z1BKCTXD74EZPE
      S3WebsiteEndpoint: s3-website-eu-west-1.amazonaws.com

    ap-southeast-1:
      S3HostedZoneID: Z3O0J2DXBE1FTB
      S3WebsiteEndpoint: s3-website-ap-southeast-1.amazonaws.com

    ap-southeast-2:
      S3HostedZoneID: Z1WCIGYICN2BYD
      S3WebsiteEndpoint: s3-website-ap-southeast-2.amazonaws.com

    ap-northeast-1:
      S3HostedZoneID: Z2M4EHUR26P7ZW
      S3WebsiteEndpoint: s3-website-ap-northeast-1.amazonaws.com

    sa-east-1:
      S3HostedZoneID: Z31GFT0UA1I2HV
      S3WebsiteEndpoint: s3-website-sa-east-1.amazonaws.com
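Resources:
  # --- TLS certificates ----------------------------------------------------
  # CloudFront only accepts ACM certificates issued in us-east-1, so although
  # RegionMap lists several regions the stack has to be created in us-east-1
  # for the ViewerCertificate references below to resolve.
  # No ValidationMethod is set, so ACM uses its default validation flow and
  # the stack stays in CREATE_IN_PROGRESS until the domain owner approves
  # the request.
  RootCertificate:
    Type: 'AWS::CertificateManager::Certificate'
    Properties:
      DomainName: !Ref RootDomainName

  # Wildcard certificate; in this template it is only attached to the
  # "www" distribution.
  SubdomainCertificate:
    Type: 'AWS::CertificateManager::Certificate'
    Properties:
      DomainName: !Sub
        - '*.${Domain}'
        - Domain: !Ref RootDomainName

  # --- S3 buckets ----------------------------------------------------------
  # Apex bucket: holds no content, it only redirects every request to the
  # "www" host.
  PublicWebsiteRootBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Ref RootDomainName
      # The PublicRead canned ACL was dropped: on a bucket it also lets
      # anonymous callers list keys, and object reads are already granted by
      # the bucket policy. Public ACLs are blocked outright; public bucket
      # policies stay permitted because the S3 website endpoint can only
      # serve anonymously readable objects.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: false
        RestrictPublicBuckets: false
      WebsiteConfiguration:
        RedirectAllRequestsTo:
          HostName: !Ref PublicWebsiteWwwBucket
          # CloudFront reaches this bucket over plain HTTP, so without an
          # explicit protocol the redirect would send visitors to
          # http://www.<domain> first. Pin the target to HTTPS.
          Protocol: https

  # Content bucket: serves the site through the S3 website endpoint.
  PublicWebsiteWwwBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Sub
        - 'www.${Domain}'
        - Domain: !Ref RootDomainName
      # Same reasoning as the apex bucket: no public ACL, policy-only access.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: false
        RestrictPublicBuckets: false
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: 404.html

  # --- Bucket policies -----------------------------------------------------
  # Anonymous s3:GetObject on every key. Everything uploaded to these buckets
  # is world-readable, and the website endpoint stays reachable directly over
  # HTTP without passing through CloudFront.
  # NOTE(review): the apex bucket only redirects, so this grant looks
  # unnecessary there; confirm before removing.
  PublicRootBucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref PublicWebsiteRootBucket
      PolicyDocument:
        Id: PublicWebsitePolicy
        # Quoted so the policy language version is a string, not a date.
        Version: '2012-10-17'
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref PublicWebsiteRootBucket
                - '/*'

  PublicWwwBucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref PublicWebsiteWwwBucket
      PolicyDocument:
        Id: PublicWebsitePolicy
        Version: '2012-10-17'
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref PublicWebsiteWwwBucket
                - '/*'

  # --- CloudFront distributions --------------------------------------------
  # Apex distribution. The origin is the S3 *website* endpoint, which speaks
  # HTTP only, so the CloudFront-to-S3 hop is unencrypted (http-only below);
  # only the viewer-to-CloudFront leg is protected by TLS.
  PublicWebsiteRootCloudfront:
    Type: 'AWS::CloudFront::Distribution'
    # The origin name is built from RootDomainName rather than a Ref to the
    # bucket, so the dependency has to be stated explicitly.
    DependsOn:
      - PublicWebsiteRootBucket
    Properties:
      DistributionConfig:
        Comment: 'CloudFront to S3 - root'
        Origins:
          - DomainName: !Join
              - '.'
              - - !Ref 'RootDomainName'
                - !FindInMap [RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint]
            Id: S3RootOrigin
            CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              OriginProtocolPolicy: http-only
        Enabled: true
        HttpVersion: http2
        DefaultRootObject: index.html
        Aliases:
          - !Ref 'RootDomainName'
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          Compress: true
          TargetOriginId: S3RootOrigin
          ForwardedValues:
            QueryString: true
            Cookies:
              Forward: none
          ViewerProtocolPolicy: redirect-to-https
        PriceClass: PriceClass_All
        ViewerCertificate:
          AcmCertificateArn: !Ref RootCertificate
          SslSupportMethod: sni-only
          # Without this the distribution accepts legacy TLS versions from
          # viewers; require TLS 1.2 or newer.
          MinimumProtocolVersion: TLSv1.2_2021

  # "www" distribution; same layout as the apex one, serving the content
  # bucket with a one-hour default TTL.
  PublicWebsiteWwwCloudfront:
    Type: 'AWS::CloudFront::Distribution'
    DependsOn:
      - PublicWebsiteWwwBucket
    Properties:
      DistributionConfig:
        Comment: 'CloudFront to S3 - www'
        Origins:
          - DomainName: !Join
              - '.'
              - - 'www'
                - !Ref 'RootDomainName'
                - !FindInMap [RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint]
            Id: S3WwwOrigin
            CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              OriginProtocolPolicy: http-only
        Enabled: true
        HttpVersion: http2
        DefaultRootObject: index.html
        Aliases:
          - !Join
            - '.'
            - - 'www'
              - !Ref 'RootDomainName'
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
          Compress: true
          DefaultTTL: 3600
          TargetOriginId: S3WwwOrigin
          ForwardedValues:
            QueryString: true
            Cookies:
              Forward: none
          ViewerProtocolPolicy: redirect-to-https
        PriceClass: PriceClass_All
        ViewerCertificate:
          AcmCertificateArn: !Ref SubdomainCertificate
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021

  # --- DNS -----------------------------------------------------------------
  HostedZone:
    Type: 'AWS::Route53::HostedZone'
    Properties:
      Name: !Ref RootDomainName

  DNS:
    Type: 'AWS::Route53::RecordSetGroup'
    Properties:
      # Reference the zone created above by ID instead of by name: this gives
      # CloudFormation an ordering dependency on HostedZone and cannot pick
      # up a different zone that happens to share the same name.
      HostedZoneId: !Ref HostedZone
      RecordSets:
        - Name: !Ref 'RootDomainName'
          Type: A
          AliasTarget:
            # Z2FDTNDATAQYW2 is the fixed hosted zone ID used for alias
            # records that point at CloudFront distributions.
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt [PublicWebsiteRootCloudfront, DomainName]
        - Name: !Join
            - '.'
            - - 'www'
              - !Ref 'RootDomainName'
          Type: A
          AliasTarget:
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt [PublicWebsiteWwwCloudfront, DomainName]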