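---
# Web UI stack for Amazon S3 Find and Forget: a versioned, SSE-S3 encrypted
# bucket holding the static UI, optionally fronted by a CloudFront
# distribution that reads the bucket through an Origin Access Identity (OAI).
AWSTemplateFormatVersion: "2010-09-09"
Description: Amazon S3 Find and Forget Web UI

Parameters:
  # Bucket that receives S3 server-access logs and CloudFront access logs.
  # The empty default disables both (see the WithAccessLogs condition).
  AccessLogsBucket:
    Type: String
    Default: ""
  # "true" creates the CloudFront distribution; any other value skips it.
  CreateCloudFrontDistribution:
    Type: String
  # "true" attaches the bucket policy and enables the CloudFront resources.
  DeployWebUI:
    Type: String
  # Prefix used for resource ids, the CORS rule id and log prefixes.
  ResourcePrefix:
    Type: String

Conditions:
  WithAccessLogs: !Not [!Equals [!Ref AccessLogsBucket, ""]]
  ShouldDeployWebUI: !Equals [!Ref DeployWebUI, "true"]
  # CloudFront is only created when the UI itself is deployed.
  WithCloudFront: !And
    - !Equals [!Ref CreateCloudFrontDistribution, "true"]
    - !Condition ShouldDeployWebUI

Resources:
  # Created unconditionally (no Condition) so the WebUIBucket output always
  # resolves; only the policy below is gated on ShouldDeployWebUI.
  WebUIBucket:
    Type: AWS::S3::Bucket
    Properties:
      # Block public ACLs and public bucket policies. Nothing in this template
      # grants anonymous access: CloudFront reads through the OAI's
      # CanonicalUser grant, which S3 does not classify as public, so the
      # WithCloudFront path is unaffected.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled
      # SSE-S3 at rest for every object written to the bucket.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Cross-origin GET from any origin; preflight responses cached for 1h.
      CorsConfiguration:
        CorsRules:
          - AllowedHeaders: ["*"]
            AllowedMethods: [GET]
            AllowedOrigins: ["*"]
            Id: !Sub ${ResourcePrefix}CorsRule
            MaxAge: 3600
      # Server-access logging only when a log bucket was supplied.
      LoggingConfiguration: !If
        - WithAccessLogs
        - DestinationBucketName: !Ref AccessLogsBucket
          LogFilePrefix: !Sub ${ResourcePrefix}/
        - !Ref AWS::NoValue

  # Attached only when the UI is deployed. When DeployWebUI is not "true"
  # this template attaches no policy to the bucket at all, so the TLS-only
  # deny below is not in force in that case.
  WebUIBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Condition: ShouldDeployWebUI
    Properties:
      Bucket: !Ref WebUIBucket
      PolicyDocument:
        Statement:
          # Deny every action on the bucket and its objects over plain HTTP.
          - Sid: HttpsOnly
            Action: '*'
            Effect: Deny
            Resource:
              - !Sub arn:${AWS::Partition}:s3:::${WebUIBucket}
              - !Sub arn:${AWS::Partition}:s3:::${WebUIBucket}/*
            Principal: '*'
            Condition:
              Bool:
                'aws:SecureTransport': 'false'
          # Read access for the CloudFront OAI only; dropped when no
          # distribution is created, leaving no Allow statement.
          - !If
            - WithCloudFront
            - Sid: CloudFrontOriginOnly
              Action: s3:GetObject
              Effect: Allow
              Resource: !Sub arn:${AWS::Partition}:s3:::${WebUIBucket}/*
              Principal:
                CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
            - !Ref AWS::NoValue

  # Identity CloudFront uses to fetch objects; it is the only principal the
  # bucket policy allows to read.
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Condition: WithCloudFront
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Ref WebUIBucket

  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Condition: WithCloudFront
    Properties:
      DistributionConfig:
        Origins:
          # Regional S3 endpoint (not the website endpoint) so the OAI grant
          # applies to origin fetches.
          - DomainName: !GetAtt WebUIBucket.RegionalDomainName
            Id: !Sub ${ResourcePrefix}-myS3Origin
            S3OriginConfig:
              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}
        Enabled: true
        HttpVersion: http2
        Comment: The Distribution for Amazon S3 Find and Forget
        DefaultRootObject: index.html
        DefaultCacheBehavior:
          # Read-only methods; no query string or cookies reach the origin.
          AllowedMethods:
            - HEAD
            - GET
            - OPTIONS
          TargetOriginId: !Sub ${ResourcePrefix}-myS3Origin
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          # Viewers on plain HTTP are redirected to HTTPS.
          ViewerProtocolPolicy: redirect-to-https
        PriceClass: PriceClass_All
        # Default *.cloudfront.net certificate; CloudFront fixes the security
        # policy itself when this is used, so MinimumProtocolVersion is not set.
        ViewerCertificate:
          CloudFrontDefaultCertificate: true
        # Standard access logs to the shared log bucket when one was supplied.
        Logging: !If
          - WithAccessLogs
          - Bucket: !Sub ${AccessLogsBucket}.s3.${AWS::URLSuffix}
            IncludeCookies: false
            Prefix: !Sub ${ResourcePrefix}/
          - !Ref AWS::NoValue

Outputs:
  CloudFrontDistribution:
    Value: !If
      - WithCloudFront
      - !Ref CloudFrontDistribution
      - "none"
  # Without CloudFront these point at the bucket's regional endpoint, to
  # which this template grants no anonymous read access.
  Origin:
    Value: !If
      - WithCloudFront
      - !Sub "https://${CloudFrontDistribution.DomainName}"
      - !Sub "https://${WebUIBucket.RegionalDomainName}"
    Description: Web UI Origin
  Url:
    Value: !If
      - WithCloudFront
      - !Sub "https://${CloudFrontDistribution.DomainName}"
      - !Sub "https://${WebUIBucket.RegionalDomainName}/index.html"
    Description: Web UI Url
  WebUIBucket:
    Value: !Ref WebUIBucket
    Description: Web UI S3 Bucket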