srcmaxim · September 6, 2020 14:53
diff --git a/https-website.cfn.yml b/https-website.cfn.yml
 AWSTemplateFormatVersion: '2010-09-09'
 Description: Creates an S3 bucket configured for hosting a static website, and a Route
  53 DNS record pointing to the bucket
 Parameters:

  HostedZoneId:
    Type: String
    Description: The DNS name of an existing Amazon Route 53 hosted zone.
    AllowedPattern: (?!-)[A-Z0-9]{1,32}(?<!-)
    ConstraintDescription: must be a valid Route53 Hosted Zone ID.  

  DomainName:
    Type: String
    Description: The full domain name e.g. example.com
    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
    ConstraintDescription: must be a valid DNS zone name.

  AcmCertificateArn:
    Type: String
    Description: the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate.
    AllowedPattern: "arn:aws:acm:.*"

 Resources:

  WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref 'DomainName'
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: index.html
      Tags:
        - Key: Application
          Value: Blog

    DeletionPolicy: Retain

  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref 'WebsiteBucket'
      PolicyDocument:
        Statement:
        - Sid: PublicReadForGetBucketObjects
          Effect: Allow
          Principal: '*'
          Action: s3:GetObject
          Resource: !Join ['', ['arn:aws:s3:::', !Ref 'WebsiteBucket', /*]]

  WebsiteCloudfront:
    Type: AWS::CloudFront::Distribution
    DependsOn:
    - WebsiteBucket
    Properties:
      DistributionConfig:
        Comment: Cloudfront Distribution pointing to S3 bucket
        Origins:
        - DomainName: !Select [2, !Split ["/", !GetAtt WebsiteBucket.WebsiteURL]]
          Id: S3Origin
          CustomOriginConfig:
            HTTPPort: '80'
            HTTPSPort: '443'
            OriginProtocolPolicy: http-only
        Enabled: true
        HttpVersion: 'http2'
        DefaultRootObject: index.html
        Aliases:
        - !Ref 'DomainName'
        DefaultCacheBehavior:
          DefaultTTL: 5
          MaxTTL: 30
          AllowedMethods:
          - GET
          - HEAD
          Compress: true
          TargetOriginId: S3Origin
          ForwardedValues:
            QueryString: true
            Cookies:
              Forward: none
          ViewerProtocolPolicy: redirect-to-https
        PriceClass: PriceClass_100
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          SslSupportMethod: sni-only
  
      Tags:
        - Key: Application
          Value: Blog


  WebsiteDNSName:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneId: !Ref 'HostedZoneId'
      RecordSets:
      - Name: !Ref 'DomainName'
        Type: A
        AliasTarget:
          HostedZoneId: Z2FDTNDATAQYW2 # Default Hosted Zone ID for CloudFront
          DNSName: !GetAtt [WebsiteCloudfront, DomainName]

 Outputs:

  BucketName:
    Value: !Ref 'WebsiteBucket'
    Description: Name of S3 bucket to hold website content

  CloudfrontEndpoint:
    Value: !GetAtt [WebsiteCloudfront, DomainName]
    Description: Endpoint for Cloudfront distribution

  DomainName:
    Value: !Ref 'DomainName'
    Description: Domain name
	AWSTemplateFormatVersion: '2010-09-09'
	Description: Creates an S3 bucket configured for hosting a static website, and a Route
	53 DNS record pointing to the bucket
	Parameters:

	HostedZoneId:
	Type: String
	Description: The DNS name of an existing Amazon Route 53 hosted zone.
	AllowedPattern: (?!-)[A-Z0-9]{1,32}(?<!-)
	ConstraintDescription: must be a valid Route53 Hosted Zone ID.

	DomainName:
	Type: String
	Description: The full domain name e.g. example.com
	AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
	ConstraintDescription: must be a valid DNS zone name.

	AcmCertificateArn:
	Type: String
	Description: the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate.
	AllowedPattern: "arn:aws:acm:.*"

	Resources:

	WebsiteBucket:
	Type: AWS::S3::Bucket
	Properties:
	BucketName: !Ref 'DomainName'
	AccessControl: PublicRead
	WebsiteConfiguration:
	IndexDocument: index.html
	ErrorDocument: index.html
	Tags:
	- Key: Application
	Value: Blog

	DeletionPolicy: Retain

	WebsiteBucketPolicy:
	Type: AWS::S3::BucketPolicy
	Properties:
	Bucket: !Ref 'WebsiteBucket'
	PolicyDocument:
	Statement:
	- Sid: PublicReadForGetBucketObjects
	Effect: Allow
	Principal: '*'
	Action: s3:GetObject
	Resource: !Join ['', ['arn:aws:s3:::', !Ref 'WebsiteBucket', /*]]

	WebsiteCloudfront:
	Type: AWS::CloudFront::Distribution
	DependsOn:
	- WebsiteBucket
	Properties:
	DistributionConfig:
	Comment: Cloudfront Distribution pointing to S3 bucket
	Origins:
	- DomainName: !Select [2, !Split ["/", !GetAtt WebsiteBucket.WebsiteURL]]
	Id: S3Origin
	CustomOriginConfig:
	HTTPPort: '80'
	HTTPSPort: '443'
	OriginProtocolPolicy: http-only
	Enabled: true
	HttpVersion: 'http2'
	DefaultRootObject: index.html
	Aliases:
	- !Ref 'DomainName'
	DefaultCacheBehavior:
	DefaultTTL: 5
	MaxTTL: 30
	AllowedMethods:
	- GET
	- HEAD
	Compress: true
	TargetOriginId: S3Origin
	ForwardedValues:
	QueryString: true
	Cookies:
	Forward: none
	ViewerProtocolPolicy: redirect-to-https
	PriceClass: PriceClass_100
	ViewerCertificate:
	AcmCertificateArn: !Ref AcmCertificateArn
	SslSupportMethod: sni-only

	Tags:
	- Key: Application
	Value: Blog


	WebsiteDNSName:
	Type: AWS::Route53::RecordSetGroup
	Properties:
	HostedZoneId: !Ref 'HostedZoneId'
	RecordSets:
	- Name: !Ref 'DomainName'
	Type: A
	AliasTarget:
	HostedZoneId: Z2FDTNDATAQYW2 # Default Hosted Zone ID for CloudFront
	DNSName: !GetAtt [WebsiteCloudfront, DomainName]

	Outputs:

	BucketName:
	Value: !Ref 'WebsiteBucket'
	Description: Name of S3 bucket to hold website content

	CloudfrontEndpoint:
	Value: !GetAtt [WebsiteCloudfront, DomainName]
	Description: Endpoint for Cloudfront distribution

	DomainName:
	Value: !Ref 'DomainName'
	Description: Domain name