This CloudFormation template creates static website hosting infrastructure on AWS S3 and CloudFront with a custom domain. It provisions the required resources: an S3 bucket that CloudFront reads through an Origin Access Identity (the bucket policy grants read access only to that identity), a CloudFront distribution that redirects viewers to HTTPS using an ACM certificate, a Route 53 alias record for the domain, and an IAM user for publishing content to the bucket.
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Static website hosting with S3 and CloudFront with a custom domain.

Parameters:
  Cert:
    Description: SSL Certificate ARN
    Type: String
  HostedZoneResourceID:
    Description: Hosted Zone ID
    Type: String
  DomainName:
    Description: Website Domain Name
    Type: String
  ErrorPagePath:
    Description: Directory error path
    Type: String
    Default: /error.html
  IndexDocument:
    # Declared but not referenced below; DefaultRootObject is hard-coded to index.html.
    Description: Directory index path
    Type: String
    Default: /index.html

Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${DomainName}-cloudfront"

  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Ref S3Bucket

  # Logical name reconstructed (it is not referenced elsewhere in the template).
  # Only the OAI's canonical user may read objects; the bucket stays private.
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Statement:
          - Action: s3:GetObject
            Effect: Allow
            Resource:
              - !Sub "${S3Bucket.Arn}"
              - !Sub "${S3Bucket.Arn}/*"
            Principal:
              CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId

  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        ViewerCertificate:
          AcmCertificateArn: !Ref Cert
          SslSupportMethod: sni-only
        # Without s3:ListBucket, S3 answers a missing key with 403; surface it as 404.
        CustomErrorResponses:
          - ErrorCode: 403
            ResponseCode: 404
            ResponsePagePath: !Ref ErrorPagePath
        DefaultCacheBehavior:
          AllowedMethods: [GET, HEAD, OPTIONS]
          CachedMethods: [GET, HEAD, OPTIONS]
          Compress: true
          DefaultTTL: 3600
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          MaxTTL: 86400
          MinTTL: 60
          TargetOriginId: s3origin
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        Enabled: true
        HttpVersion: http2
        Origins:
          - DomainName: !GetAtt S3Bucket.DomainName
            Id: s3origin
            S3OriginConfig:
              OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}"
        PriceClass: PriceClass_All

  PublishUser:
    Type: AWS::IAM::User
    Properties:
      Policies:
        - PolicyName: !Sub "publish-to-${S3Bucket}"
          PolicyDocument:
            Statement:
              # s3:* is scoped to this bucket only, but it is still broader than
              # publishing requires (s3:PutObject, s3:DeleteObject, s3:ListBucket).
              - Action: s3:*
                Effect: Allow
                Resource:
                  - !Sub "${S3Bucket.Arn}"
                  - !Sub "${S3Bucket.Arn}/*"

  DNSRecord:
    Type: AWS::Route53::RecordSet
    DependsOn: CloudFrontDistribution
    Properties:
      HostedZoneId: !Ref HostedZoneResourceID
      Comment: DNS name for CloudFront
      Name: !Ref DomainName
      Type: A
      AliasTarget:
        # Z2FDTNDATAQYW2 is the fixed hosted zone ID for all CloudFront distributions.
        HostedZoneId: Z2FDTNDATAQYW2
        DNSName: !GetAtt CloudFrontDistribution.DomainName

Outputs:
  BucketName:
    Description: S3 Bucket Name
    Value: !Ref S3Bucket
  PublishUser:
    Description: IAM User with write access to the bucket
    Value: !Ref PublishUser
  URL:
    Description: Website URL
    Value: !Ref DNSRecord
```
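A defender-side check for the settings this template relies on, written as an added example (not part of the template or its author's code): it audits a parsed template for an OAI-only bucket policy, an HTTPS-only viewer policy with an ACM certificate on the alias, and flags the publish user's `s3:*` grant. It assumes the template has been parsed into Python dicts with intrinsics in JSON long form (`{"Ref": ...}`, `{"Fn::GetAtt": ...}`); `TEMPLATE` is a constructed, trimmed copy of the resources above.

```python
# Constructed: the security-relevant properties of the page's resources,
# with CloudFormation intrinsics in their JSON long form.
TEMPLATE = {"Resources": {
    "S3BucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "s3:GetObject",
            "Principal": {"CanonicalUser": {"Fn::GetAtt": [
                "CloudFrontOriginAccessIdentity", "S3CanonicalUserId"]}}}]}}},
    "CloudFrontDistribution": {"Type": "AWS::CloudFront::Distribution", "Properties": {
        "DistributionConfig": {
            "Aliases": [{"Ref": "DomainName"}],
            "ViewerCertificate": {"AcmCertificateArn": {"Ref": "Cert"},
                                  "SslSupportMethod": "sni-only"},
            "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"}}}},
    "PublishUser": {"Type": "AWS::IAM::User", "Properties": {"Policies": [{
        "PolicyName": "publish", "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "s3:*"}]}}]}},
}}


def _as_list(value):
    """IAM accepts a scalar or a list for Statement and Action; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit(template):
    """Return (logical_id, finding) pairs; an empty list means every check passed."""
    findings = []
    for name, res in template["Resources"].items():
        props, kind = res.get("Properties", {}), res["Type"]
        if kind == "AWS::S3::BucketPolicy":
            # The bucket should be readable only by the CloudFront OAI, never by "*".
            for s in _as_list(props["PolicyDocument"]["Statement"]):
                if s.get("Effect") == "Allow" and s.get("Principal") in ("*", {"AWS": "*"}):
                    findings.append((name, "bucket readable by anyone, not only the OAI"))
        elif kind == "AWS::CloudFront::Distribution":
            cfg = props["DistributionConfig"]
            if cfg["DefaultCacheBehavior"].get("ViewerProtocolPolicy") not in (
                    "redirect-to-https", "https-only"):
                findings.append((name, "viewers may fetch the site over plain HTTP"))
            if cfg.get("Aliases") and "AcmCertificateArn" not in cfg.get("ViewerCertificate", {}):
                findings.append((name, "custom domain served without an ACM certificate"))
        elif kind == "AWS::IAM::User":
            # The template's publish user gets s3:*; publishing needs far less.
            for pol in props.get("Policies", []):
                for s in _as_list(pol["PolicyDocument"]["Statement"]):
                    if s.get("Effect") == "Allow" and "s3:*" in _as_list(s.get("Action", [])):
                        findings.append((name, "s3:* exceeds what publishing needs"))
    return findings
```

Run against the template above it reports only the `PublishUser` wildcard; the same function flags a public `Principal: "*"` or an `allow-all` viewer policy if someone loosens the template later.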