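AWSTemplateFormatVersion: "2010-09-09"
# Static site stack: a public S3 website bucket behind a CloudFront distribution
# that attaches a security-header policy, plus a Route53 alias record for it.
Description: 'Create a static website on S3 served by CloudFront'

Parameters:
  BucketName:
    Type: String
    Description: The S3 bucket name
  SubDomainName:
    Type: String
    Description: The sub domain name for the site
    # 1-63 characters, may not start or end with a hyphen.
    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
  HostedZoneName:
    Type: String
    Description: The domain name for the site
    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
    ConstraintDescription: must be a valid DNS zone name.
  AcmCertificateArn:
    Type: String
    # CloudFront only accepts ACM certificates issued in us-east-1.
    Description: ARN of the ACM certificate (us-east-1) covering the site domain name

Resources:
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref 'BucketName'
      # The S3 website endpoint performs no authentication, so the content has
      # to be world-readable for this design to work.
      # NOTE(review): accounts that keep the S3 Block Public Access / ACLs-disabled
      # defaults will reject this ACL at create time; a private bucket fronted by
      # a CloudFront origin access control is the hardened alternative.
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
        RoutingRules:
          # Requests for missing keys are redirected to the site's error/404/ prefix.
          - RoutingRuleCondition:
              HttpErrorCodeReturnedEquals: '404'
              KeyPrefixEquals: /
            RedirectRule:
              # Redirect target is a host name, not a DNS FQDN: no trailing dot
              # here (the Route53 record below is where the trailing dot belongs).
              HostName: !Sub
                - '${SubDomainName}.${HostedZoneName}'
                - SubDomainName: !Ref SubDomainName
                  HostedZoneName: !Ref HostedZoneName
              # Send the viewer straight to https instead of bouncing via http first.
              Protocol: https
              ReplaceKeyPrefixWith: error/404/

  WebsiteCloudFront:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Comment: CloudFront Distribution pointing to S3 Bucket
        HttpVersion: 'http2'
        Origins:
          # The S3 *website* endpoint (not the REST endpoint) is used so that
          # IndexDocument and RoutingRules apply; it only speaks plain HTTP, hence
          # http-only. WebsiteURL includes the scheme, which is stripped here.
          - DomainName: !Join [ '', !Split [ 'http://', !GetAtt 'Bucket.WebsiteURL' ] ]
            Id: S3Origin
            CustomOriginConfig:
              OriginProtocolPolicy: 'http-only'
        Aliases:
          - !Sub
            - '${SubDomainName}.${HostedZoneName}'
            - SubDomainName: !Ref SubDomainName
              HostedZoneName: !Ref HostedZoneName
        CustomErrorResponses:
          # Origin 403s are shown to viewers as a 404 error page.
          - ErrorCode: 403
            ResponseCode: 404
            ResponsePagePath: '/error.html'
        DefaultCacheBehavior:
          TargetOriginId: S3Origin
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          Compress: true
          # Static content: no query string or cookies reach the origin.
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          ResponseHeadersPolicyId: !Ref WebsiteCloudFrontPolicy
        PriceClass: PriceClass_All
        ViewerCertificate:
          AcmCertificateArn: !Ref 'AcmCertificateArn'
          SslSupportMethod: sni-only
          # Pin the viewer TLS policy explicitly; when omitted CloudFront applies
          # an older default policy that still negotiates TLS 1.0/1.1.
          MinimumProtocolVersion: TLSv1.2_2021

  WebsiteCloudFrontPolicy:
    Type: AWS::CloudFront::ResponseHeadersPolicy
    Properties:
      ResponseHeadersPolicyConfig:
        Name: API-Docs-Security-Header-Policy
        Comment: Vapor API Docs security header policy
        # Override: false lets an origin-supplied header win; S3 website
        # endpoints are not expected to emit any of these.
        CustomHeadersConfig:
          Items:
            # Deny browser features a docs site never needs; interest-cohort=()
            # opts the site out of FLoC.
            - Header: Permissions-Policy
              Override: false
              Value: 'accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()'
            # Replace the upstream server banner.
            - Header: server
              Override: true
              Value: 'Vapor API Docs'
        SecurityHeadersConfig:
          # NOTE(review): Content-Security-Policy is still disabled. It is the one
          # header in this policy that actually limits script injection; enable it
          # once the site's asset origins are confirmed against the draft below.
          # ContentSecurityPolicy:
          #   ContentSecurityPolicy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'
          #   Override: false
          ContentTypeOptions:
            Override: false
          FrameOptions:
            FrameOption: DENY
            Override: false
          ReferrerPolicy:
            Override: false
            ReferrerPolicy: strict-origin-when-cross-origin
          StrictTransportSecurity:
            AccessControlMaxAgeSec: 63072000  # two years
            IncludeSubdomains: true
            Preload: false
            Override: false
          # X-XSS-Protection is deprecated and ignored by current browsers; kept
          # only for legacy clients. CSP is the real control.
          XSSProtection:
            ModeBlock: true
            Protection: true
            Override: false

  DNSRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Sub
        - '${HostedZoneName}.'
        - { HostedZoneName: !Ref HostedZoneName }
      # Route53 record names are FQDNs, hence the trailing dot. The record is
      # always <SubDomainName>.<HostedZoneName>; no environment is involved.
      Name: !Sub
        - '${SubDomainName}.${HostedZoneName}.'
        - SubDomainName: !Ref SubDomainName
          HostedZoneName: !Ref HostedZoneName
      Type: A
      AliasTarget:
        DNSName: !GetAtt WebsiteCloudFront.DomainName
        # Fixed hosted zone ID shared by every CloudFront alias target.
        HostedZoneId: Z2FDTNDATAQYW2

Outputs:
  CloudFrontURL:
    Description: CloudFront URL
    Value: !GetAtt WebsiteCloudFront.DomainName
  Bucket:
    Description: Bucket name to hold website content
    Value: !Ref Bucket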