AWSTemplateFormatVersion: "2010-09-09"
Description:
S3 and CloudFront for Static website hosting
Metadata:
"AWS::CloudFormation::Interface":
ParameterGroups:
- Label:
default: "S3 and CooudFront Configuration"
Parameters:
- WebsiteDomainName
- CFSSLCertificateId
ParameterLables:
WebsiteDomainName:
default: "WebsiteDomainName"
CFSSLCertificateId:
default: "CFSSLCertificateId"
# ------------------------------------------------------------#
# Input Parameters
# ------------------------------------------------------------#
Parameters:
WebsiteDomainName:
Type: String
CFSSLCertificateId:
Type: String
Resources:
# ------------------------------------------------------------#
# S3 Bucket
# ------------------------------------------------------------#
# Bucket
Bucket:
Type: "AWS::S3::Bucket"
Properties:
BucketName: !Ref WebsiteDomainName
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
BucketPolicy:
Type: "AWS::S3::BucketPolicy"
Properties:
Bucket: !Ref Bucket
PolicyDocument:
Statement:
- Action: "s3:GetObject"
Effect: Allow
Resource: !Sub "arn:aws:s3:::${Bucket}/*"
Principal: '*'
# ------------------------------------------------------------#
# CloudFront
# ------------------------------------------------------------#
CloudFrontDistribution:
Type: "AWS::CloudFront::Distribution"
Properties:
DistributionConfig:
PriceClass: PriceClass_All
Aliases:
- !Ref WebsiteDomainName
Origins:
- CustomOriginConfig:
OriginProtocolPolicy: http-only
DomainName: !Sub "${WebsiteDomainName}.s3-website-${AWS::Region}.amazonaws.com"
Id: !Sub "S3-Website-${WebsiteDomainName}.s3-website-ap-northeast-1.amazonaws.com"
DefaultCacheBehavior:
TargetOriginId: !Sub "S3-Website-${WebsiteDomainName}.s3-website-ap-northeast-1.amazonaws.com"
ViewerProtocolPolicy: redirect-to-https
AllowedMethods:
- GET
- HEAD
CachedMethods:
- GET
- HEAD
DefaultTTL: 3600
MaxTTL: 86400
MinTTL: 60
Compress: true
ForwardedValues:
Cookies:
Forward: none
QueryString: false
ViewerCertificate:
SslSupportMethod: sni-only
MinimumProtocolVersion: TLSv1.1_2016
AcmCertificateArn: !Sub "arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/${CFSSLCertificateId}"
HttpVersion: http2
Enabled: true
# ------------------------------------------------------------#
# Output Parameters
# ------------------------------------------------------------#
Outputs:
#WebsiteURL:
WebsiteURL:
Value: !GetAtt Bucket.WebsiteURL
#DistributionID
DistributionID:
Value: !Ref CloudFrontDistribution
#DomainName
DomainName:
Value: !GetAtt CloudFrontDistribution.DomainName
なるほど、これはやばいわ
