
# CloudFormation template: static site in S3 fronted by CloudFront, plus a
# deploy user whose credentials are exported from the stack.
AWSTemplateFormatVersion: "2010-09-09"
Description: "RekahSoft blog stack"
#
# Parameters
#
Parameters:
  # Optional alternate domain names for the distribution.  The empty default
  # is what the NoAlternateURLs condition tests for.
  AlternateURLs:
    Type: CommaDelimitedList
    Default: ""
    Description: A list of URLs that act as aliases for accessing the cloudfront site

  # Which CloudFront price class (edge-location tier) the distribution uses.
  PriceClass:
    Type: String
    Default: PriceClass_100
    AllowedValues:
      - PriceClass_100
      - PriceClass_200
      - PriceClass_All
    Description: The cloud front price class to use with the web distribution
#
# Conditions
#
Conditions:
  # True when AlternateURLs was left at its empty default: a CommaDelimitedList
  # cannot be compared directly, so it is joined back into one string first.
  NoAlternateURLs:
    !Equals
      - !Join [",", !Ref AlternateURLs]
      - ""
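#
# Resources
#
Resources:
  # Deploy identity: a long-lived IAM user with a single access key.  The
  # key pair is surfaced through the stack Outputs, so it is readable by any
  # principal that can describe the stack; keep that in mind when sharing it.
  User:
    Type: AWS::IAM::User
  AccessKeyUser:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref User

  # Content bucket.  WebsiteConfiguration only affects the bucket's website
  # endpoint; the CloudFront origin below uses the plain bucket domain name.
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Id: S3BucketPolicy
        Version: "2012-10-17"
        Statement:
          # Deploy user may list the bucket ...
          - Sid: ListAccess
            Effect: Allow
            Principal:
              AWS: !GetAtt User.Arn
            Action:
              - s3:ListBucket
            Resource: !Join ["", ["arn:aws:s3:::", !Ref S3Bucket]]
          # ... and read, write and delete objects in it.
          - Sid: ReadWriteAccess
            Effect: Allow
            Principal:
              AWS: !GetAtt User.Arn
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:DeleteObject
            Resource: !Join ["", ["arn:aws:s3:::", !Ref S3Bucket, "/*"]]
          # Anonymous read of every object.  This makes the bucket itself
          # world-readable (not only via CloudFront) because the origin below
          # uses an empty OriginAccessIdentity and so fetches anonymously.
          # NOTE(review): on buckets with S3 Block Public Access enabled this
          # statement is rejected at stack creation; granting the CloudFront
          # origin identity access instead would remove the need for it.
          - Sid: PublicReadAccess
            Effect: Allow
            Principal: "*"
            Action:
              - s3:GetObject
            Resource: !Join ["", ["arn:aws:s3:::", !Ref S3Bucket, "/*"]]

  # Access-log bucket written to by CloudFront (see Logging below).
  # NOTE(review): nothing here configures ACLs/object ownership for the
  # CloudFront log-delivery writer; confirm logs actually arrive.
  LogsBucket:
    Type: AWS::S3::Bucket
  LogsBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref LogsBucket
      PolicyDocument:
        Id: LogsBucketPolicy
        Version: "2012-10-17"
        Statement:
          # Deploy user may read and also delete/overwrite log objects; if
          # the logs serve as an audit trail, s3:DeleteObject/s3:PutObject
          # should not be granted to the same identity that deploys content.
          - Sid: ReadWriteAccess
            Effect: Allow
            Principal:
              AWS: !GetAtt User.Arn
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:DeleteObject
            Resource: !Join ["", ["arn:aws:s3:::", !Ref LogsBucket, "/*"]]

  CloudfrontDistribution:
    Type: AWS::CloudFront::Distribution
    # Both buckets are already implicit dependencies through the !GetAtt
    # references below; DependsOn is kept for readability.
    DependsOn:
      - S3Bucket
      - LogsBucket
    Properties:
      DistributionConfig:
        Enabled: true
        Comment: Some comment
        HttpVersion: http2
        DefaultRootObject: index.html
        PriceClass: !Ref PriceClass
        # Drop the Aliases property entirely when no alternate URLs were given.
        # NOTE(review): aliases are combined here with the CloudFront default
        # certificate; confirm this still deploys for non-empty AlternateURLs.
        Aliases: !If [NoAlternateURLs, !Ref "AWS::NoValue", !Ref AlternateURLs]
        Origins:
          - Id: S3Origin
            DomainName: !GetAtt S3Bucket.DomainName  # mybucket.s3.amazonaws.com
            S3OriginConfig:
              # Empty identity: CloudFront reads the origin anonymously, which
              # is why S3BucketPolicy carries the PublicReadAccess statement.
              OriginAccessIdentity: ""  # origin-access-identity/cloudfront/S3Origin
        Logging:
          IncludeCookies: false
          Bucket: !GetAtt LogsBucket.DomainName  # mylogs.s3.amazonaws.com
          Prefix: myprefix
        # index.html is never cached at the edge (all TTLs 0) so a fresh
        # deploy is visible immediately; everything else uses the default
        # behavior.  Booleans are written as real YAML booleans here, matching
        # Enabled/IncludeCookies above (CloudFormation accepts either form).
        CacheBehaviors:
          - PathPattern: index.html
            TargetOriginId: S3Origin
            AllowedMethods: [GET, HEAD, OPTIONS]
            MinTTL: 0
            DefaultTTL: 0
            MaxTTL: 0
            ForwardedValues:
              QueryString: false
              Cookies:
                Forward: none
            # TrustedSigners:
            #   - 1234567890EX
            #   - 1234567891EX
            # NOTE(review): allow-all also serves the site over plain HTTP;
            # redirect-to-https is the usual choice for a public site.
            ViewerProtocolPolicy: allow-all
        DefaultCacheBehavior:
          TargetOriginId: S3Origin
          AllowedMethods: [GET, HEAD, OPTIONS]
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          # TrustedSigners:
          #   - 1234567890EX
          #   - 1234567891EX
          # NOTE(review): same remark as the index.html behavior above.
          ViewerProtocolPolicy: allow-all
        # Viewers outside the whitelisted countries receive a 403 from the edge.
        Restrictions:
          GeoRestriction:
            RestrictionType: whitelist
            Locations:
              - CA
        ViewerCertificate:
          CloudFrontDefaultCertificate: true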
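#
# Outputs
#
Outputs:
  WebAddress:
    Description: CloudFront domain name the site is served from
    Value: !GetAtt CloudfrontDistribution.DomainName
  S3Bucket:
    Description: Name of the content bucket to publish the site into
    Value: !Ref S3Bucket
  LogsBucket:
    Description: Name of the bucket that receives CloudFront access logs
    Value: !Ref LogsBucket
  UserAccessKey:
    Description: Access key id of the deploy user
    Value: !Ref AccessKeyUser
  # NOTE(review): the secret is stored in plaintext in the stack outputs, which
  # are readable by any principal allowed cloudformation:DescribeStacks and
  # show up in console/CLI output.  Treat this stack's outputs as sensitive;
  # a secrets store is the safer place to hand this value over.
  UserSecretKey:
    Description: Secret access key of the deploy user (sensitive)
    Value: !GetAtt AccessKeyUser.SecretAccessKey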