@xschildw
Last active January 11, 2022 21:09
# From https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-s3.html#scenario-s3-bucket-website-customdomain
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  Provision a S3 static website (HTTPS) with cloudfront for a SageBionetworks Portal
#Transform: S3Objects
Parameters:
  DomainName:
    Description: Domain name for your website (example.org)
    Type: String
    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
    ConstraintDescription: must be a valid DNS zone name.
  SubDomainName:
    Description: The sub domain name
    Type: String
  AcmCertificateArn:
    Type: String
    Description: The Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate.
    AllowedPattern: "arn:aws:acm:.*"
    ConstraintDescription: must be a valid certificate ARN.
Conditions:
  IsProd: !Equals [!Ref SubDomainName, 'prod']
  IsStaging: !Equals [!Ref SubDomainName, 'staging']
Resources:
  WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      # The bucket is world-readable: S3 website hosting serves objects anonymously.
      AccessControl: PublicRead
      BucketName: !Join ['.', [!Ref SubDomainName, !Ref DomainName]]
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: index.html
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      PolicyDocument:
        Id: MyPolicy
        Version: 2012-10-17
        Statement:
          # Anonymous s3:GetObject on every key, so objects are also reachable
          # directly through the S3 website endpoint, not only through CloudFront.
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join ['', ['arn:aws:s3:::', !Ref WebsiteBucket, /*]]
      Bucket: !Ref WebsiteBucket
#  IndexHtml:
#    Type: AWS::S3::Object
#    Metadata:
#      cfn-lint:
#        config:
#          ignore_checks:
#            - E3001
#    Properties:
#      Target:
#        Bucket: !Ref WebsiteBucket
#        Key: index.html
#        ContentType: text/html
#      Body:
#        <!DOCTYPE html>
#        <html lang="en">
#        <head>
#        <meta charset="utf-8">
#        <title>PlaceHolder</title>
#        </head>
#        <body>
#        Placeholder...
#        </body>
#        </html>
#  RobotsTxtProd:
#    Condition: IsProd
#    Type: AWS::S3::Object
#    Properties:
#      Target:
#        Bucket: !Ref WebsiteBucket
#        Key: robots.txt
#        ContentType: text/plain
#      Body:
#        User-agent: *
#        Allow: /
#  RobotsTxtStaging:
#    Condition: IsStaging
#    Type: AWS::S3::Object
#    Properties:
#      Target:
#        Bucket: !Ref WebsiteBucket
#        Key: robots.txt
#        ContentType: text/plain
#      Body:
#        User-agent: *
#        Disallow: /
  Cloudfront:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Comment: Cloudfront Distribution pointing to S3 bucket
        Origins:
          # Host name of the S3 website endpoint, extracted from WebsiteURL
          - DomainName: !Select [2, !Split ["/", !GetAtt WebsiteBucket.WebsiteURL]]
            Id: S3Origin
            CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              # S3 website endpoints only speak HTTP, so the CloudFront-to-origin
              # hop is unencrypted; only the viewer side is HTTPS.
              OriginProtocolPolicy: http-only
        Enabled: true
        HttpVersion: 'http2'
        DefaultRootObject: index.html
        Aliases:
          !If [IsProd, [!Ref DomainName, !Join ['.', ['www', !Ref DomainName]], !Join ['.', ['tst', !Ref DomainName]], !Join ['.', [!Ref SubDomainName, !Ref DomainName]]] , [!Join ['.', [!Ref SubDomainName, !Ref DomainName]]]]
        # 403 and 404 responses from the origin are rewritten to /index.html with status 200
        CustomErrorResponses:
          - ErrorCachingMinTTL: 60
            ErrorCode: 404
            ResponseCode: 200
            ResponsePagePath: '/index.html'
          - ErrorCachingMinTTL: 60
            ErrorCode: 403
            ResponseCode: 200
            ResponsePagePath: '/index.html'
        DefaultCacheBehavior:
          DefaultTTL: 3600
          AllowedMethods:
            - GET
            - HEAD
          Compress: true
          TargetOriginId: S3Origin
          ForwardedValues:
            QueryString: true
            Cookies:
              Forward: none
          # Viewers that connect over HTTP are redirected to HTTPS
          ViewerProtocolPolicy: redirect-to-https
        PriceClass: PriceClass_100
        ViewerCertificate:
          AcmCertificateArn: !Ref AcmCertificateArn
          SslSupportMethod: sni-only
Outputs:
  CloudfrontId:
    Value: !Ref Cloudfront
    Description: ID of the Cloudfront distribution
    Export:
      Name: !Sub '${AWS::Region}-${AWS::StackName}-CloudfrontId'
  CloudfrontEndpoint:
    Value: !Join ['', ['https://', !GetAtt Cloudfront.DomainName ]]
    Description: URL for cloudfront
    Export:
      Name: !Sub '${AWS::Region}-${AWS::StackName}-CloudfrontEndpoint'
  BucketWebsiteUrl:
    Value: !GetAtt WebsiteBucket.WebsiteURL
    Description: URL for website hosted in S3 bucket
    Export:
      Name: !Sub '${AWS::Region}-${AWS::StackName}-BucketWebsiteUrl'
  WebsiteBucket:
    Value: !Ref WebsiteBucket
    Description: The bucket containing the website content
    Export:
      Name: !Sub '${AWS::Region}-${AWS::StackName}-WebsiteBucket'