@FilipBartos
Last active April 12, 2021 10:55
CloudFormation template to redirect naked (apex) domain to full domain
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Redirecting naked (apex) domain to full domain example
Parameters:
  DomainName:
    Description: Naked (apex) name of the domain
    Type: String
  Certificate:
    # CloudFront only accepts ACM certificates issued in us-east-1
    Description: SSL Certificate Arn
    Type: String
Mappings:
  Region2S3WebsiteSuffix:
    us-east-1:
      Suffix: .s3-website-us-east-1.amazonaws.com
    us-west-1:
      Suffix: .s3-website-us-west-1.amazonaws.com
    us-west-2:
      Suffix: .s3-website-us-west-2.amazonaws.com
    eu-west-1:
      Suffix: .s3-website-eu-west-1.amazonaws.com
    ap-northeast-1:
      Suffix: .s3-website-ap-northeast-1.amazonaws.com
    ap-northeast-2:
      Suffix: .s3-website-ap-northeast-2.amazonaws.com
    ap-southeast-1:
      Suffix: .s3-website-ap-southeast-1.amazonaws.com
    ap-southeast-2:
      Suffix: .s3-website-ap-southeast-2.amazonaws.com
    ap-south-1:
      Suffix: .s3-website-ap-south-1.amazonaws.com
    us-east-2:
      Suffix: .s3-website-us-east-2.amazonaws.com
    sa-east-1:
      Suffix: .s3-website-sa-east-1.amazonaws.com
    cn-north-1:
      Suffix: .s3-website.cn-north-1.amazonaws.com.cn
    eu-central-1:
      Suffix: .s3-website.eu-central-1.amazonaws.com
Resources:
  # Empty bucket whose website endpoint only issues the redirect to the www host
  NakedWebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "www.${DomainName}"
      WebsiteConfiguration:
        RedirectAllRequestsTo:
          HostName: !Sub "www.${DomainName}"
          Protocol: https
  NakedCloudfrontDistribution:
    Type: "AWS::CloudFront::Distribution"
    DependsOn: NakedWebsiteBucket
    Properties:
      DistributionConfig:
        Comment: !Sub "${DomainName} -> www.${DomainName}"
        Enabled: true
        HttpVersion: http2
        Aliases:
          - !Ref DomainName
        ViewerCertificate:
          AcmCertificateArn: !Ref Certificate
          # TLSv1.1_2016 still lets viewers negotiate TLS 1.1; CloudFront also
          # offers TLS 1.2 policies (for example TLSv1.2_2021) if clients allow it
          MinimumProtocolVersion: TLSv1.1_2016
          SslSupportMethod: sni-only
        Origins:
          - Id: !Sub "s3-${DomainName}"
            # NakedWebsiteBucket.WebsiteURL returns the S3 endpoint including the protocol
            # DomainName must be the S3 endpoint without protocol (nakedbucket.s3-website.region.amazonaws.com)
            DomainName: !Join ['', [!Ref 'NakedWebsiteBucket', !FindInMap [Region2S3WebsiteSuffix, !Ref 'AWS::Region', Suffix]]]
            CustomOriginConfig:
              # S3 website endpoints don't support the https protocol
              # https-only -> CloudFront will return HTTP 504 status (Gateway Timeout)
              OriginProtocolPolicy: http-only
        DefaultCacheBehavior:
          Compress: true
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          ForwardedValues:
            QueryString: true
          TargetOriginId: !Sub "s3-${DomainName}"
          ViewerProtocolPolicy: redirect-to-https
@FilipBartos

$ curl -I http://domain.com

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Location: https://domain.com
X-Cache: Redirect from cloudfront
$ curl -I https://domain.com

HTTP/2 301
location: https://www.domain.com
server: AmazonS3
x-cache: Hit from cloudfront
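
The two-hop redirect chain in the comment above can be checked mechanically after each deployment. This is an added example, not part of the original gist: `parse_head` and `check_chain` are hypothetical helper names, and the samples are constructed from the `curl -I` output shown above. The failure sample is the downgrade that results if `Protocol: https` is dropped from `RedirectAllRequestsTo`, because S3 then reuses the protocol of the incoming request and CloudFront reaches the origin over HTTP.

```python
from urllib.parse import urlsplit

def parse_head(raw):
    """Parse one `curl -I` response into (status code, lower-cased header dict)."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])  # "HTTP/1.1 301 Moved Permanently" / "HTTP/2 301"
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_chain(apex, hops):
    """hops: [(requested URL, raw response), ...] for http://apex, then https://apex.
    Returns a list of problems; an empty list means the chain is as intended."""
    expected = [f"https://{apex}", f"https://www.{apex}"]
    problems = []
    if len(hops) != len(expected):
        problems.append(f"expected {len(expected)} hops, got {len(hops)}")
    for (url, raw), want in zip(hops, expected):
        status, headers = parse_head(raw)
        location = headers.get("location", "")
        if status not in (301, 308):
            problems.append(f"{url}: status {status} is not a permanent redirect")
        if urlsplit(location).scheme != "https":
            problems.append(f"{url}: Location {location!r} is not https")
        elif location.rstrip("/") != want:
            problems.append(f"{url}: Location {location!r}, expected {want}")
    return problems

# Constructed samples, copied from the curl output in the comment above
HOP1 = """HTTP/1.1 301 Moved Permanently
Server: CloudFront
Location: https://domain.com
X-Cache: Redirect from cloudfront"""
HOP2 = """HTTP/2 301
location: https://www.domain.com
server: AmazonS3
x-cache: Hit from cloudfront"""
# Constructed failure case: S3 redirect without "Protocol: https"
HOP2_DOWNGRADE = HOP2.replace("https://www", "http://www")

GOOD = [("http://domain.com", HOP1), ("https://domain.com", HOP2)]
BAD = [("http://domain.com", HOP1), ("https://domain.com", HOP2_DOWNGRADE)]

if __name__ == "__main__":
    print(check_chain("domain.com", GOOD))
    print(check_chain("domain.com", BAD))
```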
