Created March 22, 2019 14:42
Gist: techthoughts2/2c83ea20d02b624d2f7133bc4fb00b84
Resources for hosting a static website (generated with Hugo for example) on Amazon Simple Storage Service (S3) & CloudFront.
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: >
  Resources for hosting a static website (generated with Hugo for example) on
  Amazon Simple Storage Service (S3) & CloudFront.

###############################################################################
Parameters:
###############################################################################

  AcmCertificateArn:
    Type: String
    Description: >
      The ARN of the SSL certificate to use for the CloudFront distribution.

  DomainName:
    Type: String
    Description: The website domain name.
    Default: lroguet.example

  PriceClass:
    Type: String
    Description: The CloudFront distribution price class
    Default: 'PriceClass_All'
    AllowedValues:
      - 'PriceClass_100'
      - 'PriceClass_200'
      - 'PriceClass_All'

###############################################################################
Resources:
###############################################################################

  TheCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        DefaultCacheBehavior:
          Compress: true
          ForwardedValues:
            QueryString: false
          TargetOriginId: the-s3-bucket
          # Viewers arriving over plain HTTP are redirected to HTTPS.
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        # The OAI has no s3:ListBucket permission, so S3 answers 403 for a
        # missing key; present that to viewers as the site's 404 page.
        CustomErrorResponses:
          - ErrorCachingMinTTL: 300
            ErrorCode: 403
            ResponseCode: 404
            ResponsePagePath: /404.html
        Enabled: true
        HttpVersion: http2
        Origins:
          - DomainName:
              !Join [ "", [ !Ref TheBucket, ".s3.amazonaws.com" ] ]
            Id: the-s3-bucket
            S3OriginConfig:
              OriginAccessIdentity:
                !Join [ "", [ "origin-access-identity/cloudfront/", !Ref TheCloudFrontOriginAccessIdentity ] ]
        PriceClass: !Ref PriceClass
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          # The TLSv1 policy still accepts TLS 1.0 and 1.1 viewers; a
          # TLSv1.2_* policy (for example TLSv1.2_2021) refuses them.
          MinimumProtocolVersion: TLSv1
          SslSupportMethod: sni-only
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  TheCloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub 'CloudFront OAI for ${DomainName}'

  TheBucket:
    Type: AWS::S3::Bucket
    # The bucket and its objects are kept when the stack is deleted.
    DeletionPolicy: Retain
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          -
            ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      Tags:
        - Key: Domain
          Value: !Ref DomainName

  TheBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TheBucket
      PolicyDocument:
        Statement:
          -
            # Read access is granted only to the CloudFront origin access
            # identity, so objects are not readable directly from S3.
            Action:
              - s3:GetObject
            Effect: Allow
            Resource: !Join [ "", [ "arn:aws:s3:::", !Ref TheBucket, "/*" ] ]
            Principal:
              CanonicalUser: !GetAtt TheCloudFrontOriginAccessIdentity.S3CanonicalUserId
```
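
A pre-deployment check for the security-relevant settings in the template above, as an added example that is not part of the gist. It audits a template already parsed into a dict; the function name `audit`, the finding labels and the `SAMPLE` dict (a constructed subset of the template in JSON form) are assumptions made for illustration.

```python
# Added example: audit a CloudFormation template that has already been parsed
# into a dict (JSON form, or YAML loaded with a CloudFormation-aware loader).
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")

def audit(template):
    """Return sorted (resource, finding) pairs for weak settings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::CloudFront::Distribution":
            cfg = props.get("DistributionConfig", {})
            # Conservative assumption: an omitted minimum counts as TLSv1.
            tls = cfg.get("ViewerCertificate", {}).get("MinimumProtocolVersion", "TLSv1")
            if tls in WEAK_TLS:
                findings.append((name, "min-tls-below-1.2"))
            if cfg.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy") == "allow-all":
                findings.append((name, "plain-http-allowed"))
        elif rtype == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) is True for k in PAB_KEYS):
                findings.append((name, "public-access-block-missing"))
        elif rtype == "AWS::S3::BucketPolicy":
            stmts = props.get("PolicyDocument", {}).get("Statement", [])
            for st in stmts if isinstance(stmts, list) else [stmts]:
                if st.get("Effect") == "Allow" and st.get("Principal") in ("*", {"AWS": "*"}):
                    findings.append((name, "public-principal"))
    return sorted(findings)

# Constructed sample: the security-relevant subset of the template above
# (bucket encryption and tags omitted).
SAMPLE = {"Resources": {
    "TheCloudFrontDistribution": {
        "Type": "AWS::CloudFront::Distribution",
        "Properties": {"DistributionConfig": {
            "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
            "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1",
                                  "SslSupportMethod": "sni-only"}}}},
    "TheBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "TheBucketPolicy": {
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {"PolicyDocument": {"Statement": [{
            "Action": ["s3:GetObject"], "Effect": "Allow",
            "Principal": {"CanonicalUser": {"Fn::GetAtt": [
                "TheCloudFrontOriginAccessIdentity", "S3CanonicalUserId"]}}}]}}},
}}

if __name__ == "__main__":
    for resource, finding in audit(SAMPLE):
        print(f"{resource}: {finding}")
```

The OAI-scoped bucket policy passes the principal check; the two findings on the sample are the TLSv1 viewer policy and the absence of a `PublicAccessBlockConfiguration` on the bucket.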