nvd · February 14, 2019 02:16
diff --git a/Gemfile b/Gemfile
 source 'https://rubygems.org'

 gem 'aws-sdk', '~> 2.3'
diff --git a/swagger_s3_cf.rb b/swagger_s3_cf.rb
 # swagger - s3 - cf
 # Quick (and really dirty) script to deploy swagger-ui onto s3 with cf
 # Script is pretty opsy but allows me to keep all steps in the same file for a gist
 # Swagger used as an example, but it could be any static website

 require 'aws-sdk'
 require 'fileutils'

 # 0. Set AWS credentials in environment variables :
 # Note: IAM role must have Full S3 & CF Access
 # ENV['AWS_REGION'],
 # ENV['AWS_ACCESS_KEY_ID']
 # ENV['AWS_SECRET_ACCESS_KEY']

 # 1. Set Bucket name that will be created here
 SWAGGER_BUCKET_NAME = 'prefix-swagger'
 SWAGGER_VERSION = '2.1.4'

 # 2. Download and untar swagger ui
 `curl -L https://github.com/swagger-api/swagger-ui/archive/v#{SWAGGER_VERSION}.tar.gz | tar xz`

 # 3. Create bucket and allow it to serve static pages
 bucket = Aws::S3::Bucket.new(name: SWAGGER_BUCKET_NAME)
 bucket.delete! if bucket.exists?
 bucket.create
 bucket.website.put(
  website_configuration: {
    index_document: {
      suffix: 'index.html',
    },
  }
 )

 # 4. Upload swagger ui to s3 bucket
 SWAGGER_DIRNAME = "./swagger-ui-#{SWAGGER_VERSION}"
 Dir["#{SWAGGER_DIRNAME}/dist/**/*"].select { |path| File.file?(path) }.each do |filename|
  File.open(filename, 'rb') do |file|
    puts "Uploading >> #{filename}"
    bucket.put_object(key: filename.sub("./swagger-ui-#{SWAGGER_VERSION}/dist/", ''), body: file)
  end
 end

 # 5. Delete the downloaded swagger ui code
 FileUtils.rm_rf(SWAGGER_DIRNAME)

 # 6. Create CF Origin Access Identity (Amazon recommends creating and using only one ¯\_(ツ)_/¯)
 cf = Aws::CloudFront::Client.new
 origin_access_id = cf.create_cloud_front_origin_access_identity({
  cloud_front_origin_access_identity_config: {
    caller_reference: 'swagger_ui-s3-cf-access_identity',
    comment: 'SwaggerUI-S3-CF-AccessIdentity',
  },
 }).cloud_front_origin_access_identity

 # 7. Create the CF distribution
 distribution = cf.create_distribution({
  distribution_config: {
    caller_reference: origin_access_id.cloud_front_origin_access_identity_config.caller_reference,
    default_root_object: 'index.html',
    origins: {
      quantity: 1,
      items: [
        {
          id: "S3-#{SWAGGER_BUCKET_NAME}",
          domain_name: "#{SWAGGER_BUCKET_NAME}.s3.amazonaws.com",
          s3_origin_config: {
            origin_access_identity: "origin-access-identity/cloudfront/#{origin_access_id.id}",
          },
        },
      ],
    },
    default_cache_behavior: {
      target_origin_id:  "S3-#{SWAGGER_BUCKET_NAME}",
      forwarded_values: {
        query_string: false,
        cookies: {
          forward: 'none',
        },
      },
      trusted_signers: {
        enabled: false,
        quantity: 0
      },
      viewer_protocol_policy: 'https-only',
      min_ttl: 0,
      allowed_methods: {
        quantity: 2,
        items: ['HEAD','GET'],
        cached_methods: {
          quantity: 2,
          items: ['HEAD','GET'],
        },
      },
      smooth_streaming: false,
      default_ttl: 86400,
      max_ttl: 31536000,
      compress: true,
    },
    comment: 'Swagger-S3-CF-distribution',
    logging: {
      enabled: false,
      include_cookies: false,
      bucket: '',
      prefix: ''
    },
    price_class: 'PriceClass_All',
    enabled: true,
    viewer_certificate: {
      cloud_front_default_certificate: true,
      certificate_source: 'cloudfront',
    },
    restrictions: {
      geo_restriction: {
        restriction_type: 'whitelist',
        quantity: 1,
        items: ['AU'],
      },
    },
  },
 }).distribution

 # 8. Edit the bucket policy to allow CF Origin Access
 bucket.policy.put(
  policy:
 <<POLICY
 {
 	"Version": "2012-10-17",
 	"Statement": [
 		{
      "Sid": "Allow get requests to private content from cloud front",
 			"Effect": "Allow",
 			"Principal": {
        "CanonicalUser": "#{origin_access_id.s3_canonical_user_id}"
 			},
 			"Action": "s3:GetObject",
 			"Resource": "arn:aws:s3:::#{SWAGGER_BUCKET_NAME}/*"
 		}
 	]
 }
 POLICY
 )

 # 9. Open this after the distribution has completed deployment; otherwise 307+403 are cached
 puts "CDN url: https://#{distribution.domain_name}"

 puts '-- Fin --'
	# swagger - s3 - cf
	# Quick (and really dirty) script to deploy swagger-ui onto s3 with cf
	# Script is pretty opsy but allows me to keep all steps in the same file for a gist
	# Swagger used as an example, but it could be any static website

	require 'aws-sdk'
	require 'fileutils'

	# 0. Set AWS credentials in environment variables :
	# Note: IAM role must have Full S3 & CF Access
	# ENV['AWS_REGION'],
	# ENV['AWS_ACCESS_KEY_ID']
	# ENV['AWS_SECRET_ACCESS_KEY']

	# 1. Set Bucket name that will be created here
	SWAGGER_BUCKET_NAME = 'prefix-swagger'
	SWAGGER_VERSION = '2.1.4'

	# 2. Download and untar swagger ui
	`curl -L https://github.com/swagger-api/swagger-ui/archive/v#{SWAGGER_VERSION}.tar.gz \| tar xz`

	# 3. Create bucket and allow it to serve static pages
	bucket = Aws::S3::Bucket.new(name: SWAGGER_BUCKET_NAME)
	bucket.delete! if bucket.exists?
	bucket.create
	bucket.website.put(
	website_configuration: {
	index_document: {
	suffix: 'index.html',
	},
	}
	)

	# 4. Upload swagger ui to s3 bucket
	SWAGGER_DIRNAME = "./swagger-ui-#{SWAGGER_VERSION}"
	Dir["#{SWAGGER_DIRNAME}/dist/*/"].select { \|path\| File.file?(path) }.each do \|filename\|
	File.open(filename, 'rb') do \|file\|
	puts "Uploading >> #{filename}"
	bucket.put_object(key: filename.sub("./swagger-ui-#{SWAGGER_VERSION}/dist/", ''), body: file)
	end
	end

	# 5. Delete the downloaded swagger ui code
	FileUtils.rm_rf(SWAGGER_DIRNAME)

	# 6. Create CF Origin Access Identity (Amazon recommends creating and using only one ¯\_(ツ)_/¯)
	cf = Aws::CloudFront::Client.new
	origin_access_id = cf.create_cloud_front_origin_access_identity({
	cloud_front_origin_access_identity_config: {
	caller_reference: 'swagger_ui-s3-cf-access_identity',
	comment: 'SwaggerUI-S3-CF-AccessIdentity',
	},
	}).cloud_front_origin_access_identity

	# 7. Create the CF distribution
	distribution = cf.create_distribution({
	distribution_config: {
	caller_reference: origin_access_id.cloud_front_origin_access_identity_config.caller_reference,
	default_root_object: 'index.html',
	origins: {
	quantity: 1,
	items: [
	{
	id: "S3-#{SWAGGER_BUCKET_NAME}",
	domain_name: "#{SWAGGER_BUCKET_NAME}.s3.amazonaws.com",
	s3_origin_config: {
	origin_access_identity: "origin-access-identity/cloudfront/#{origin_access_id.id}",
	},
	},
	],
	},
	default_cache_behavior: {
	target_origin_id: "S3-#{SWAGGER_BUCKET_NAME}",
	forwarded_values: {
	query_string: false,
	cookies: {
	forward: 'none',
	},
	},
	trusted_signers: {
	enabled: false,
	quantity: 0
	},
	viewer_protocol_policy: 'https-only',
	min_ttl: 0,
	allowed_methods: {
	quantity: 2,
	items: ['HEAD','GET'],
	cached_methods: {
	quantity: 2,
	items: ['HEAD','GET'],
	},
	},
	smooth_streaming: false,
	default_ttl: 86400,
	max_ttl: 31536000,
	compress: true,
	},
	comment: 'Swagger-S3-CF-distribution',
	logging: {
	enabled: false,
	include_cookies: false,
	bucket: '',
	prefix: ''
	},
	price_class: 'PriceClass_All',
	enabled: true,
	viewer_certificate: {
	cloud_front_default_certificate: true,
	certificate_source: 'cloudfront',
	},
	restrictions: {
	geo_restriction: {
	restriction_type: 'whitelist',
	quantity: 1,
	items: ['AU'],
	},
	},
	},
	}).distribution

	# 8. Edit the bucket policy to allow CF Origin Access
	bucket.policy.put(
	policy:
	<<POLICY
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "Allow get requests to private content from cloud front",
	"Effect": "Allow",
	"Principal": {
	"CanonicalUser": "#{origin_access_id.s3_canonical_user_id}"
	},
	"Action": "s3:GetObject",
	"Resource": "arn:aws:s3:::#{SWAGGER_BUCKET_NAME}/*"
	}
	]
	}
	POLICY
	)

	# 9. Open this after the distribution has completed deployment; otherwise 307+403 are cached
	puts "CDN url: https://#{distribution.domain_name}"

	puts '-- Fin --'