# Summary text for the stack.
Description: 'React Starter UI component resources'

Parameters:
  # Selects which row of EnvironmentAttributeMap the resources below read.
  # AllowedValues keeps the value to the three keys that exist in that map.
  EnvironmentCode:
    Description: 'Select an Environment'
    Type: String
    Default: dev
    AllowedValues: [dev, qa, prod]
    ConstraintDescription: 'Must select a valid environment'
Mappings:
  # Per-environment settings, looked up with
  # !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, <key>].
  #   CertificateArn - ACM certificate attached to DistributionApp. Each ARN
  #                    names a different account, all in us-east-1.
  #   CloudFrontOAID - id of a CloudFront origin access identity. No resource
  #                    in this template creates it, so it must already exist
  #                    in the target account.
  #   HostedZone     - Route53 zone; also used to build host and bucket names.
  EnvironmentAttributeMap:
    dev:
      CertificateArn: 'arn:aws:acm:us-east-1:988218269141:certificate/3d110b0f-8b3d-4ddc-bbd8-fab08ae6f038'
      CloudFrontOAID: 'E2U9SKLVDD8TPN'
      HostedZone: 'dev.leanstacks.net'
    qa:
      CertificateArn: 'arn:aws:acm:us-east-1:339939222800:certificate/5cd1bce7-1323-4625-a49e-5e72d1cff7ef'
      CloudFrontOAID: 'E322H9D7WOKWXW'
      HostedZone: 'qa.leanstacks.net'
    prod:
      CertificateArn: 'arn:aws:acm:us-east-1:854599584783:certificate/fc25a13b-0c9f-4c79-a20f-a13f5d2245b3'
      CloudFrontOAID: 'EVMQ2O0M1MS7S'
      HostedZone: 'leanstacks.net'
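Resources:
  ##
  # S3 Bucket for the React App
  ##
  BucketApp:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub
        - 'reactstarter-ui-app.${HostedZone}-${AWS::Region}-${AWS::AccountId}'
        - HostedZone: !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, HostedZone]
      # The only reader this template grants is the CloudFront origin access
      # identity in BucketPolicyApp, so public ACLs and public policies are
      # blocked explicitly rather than left to account defaults.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  ##
  # Bucket Policy allows access from AWS CloudFront
  #
  # Grants s3:GetObject on every key to one principal: the origin access
  # identity selected by EnvironmentCode. s3:ListBucket is not granted, so S3
  # answers 403 (not 404) for a missing key; DistributionUi maps both codes.
  # NOTE(review): origin access identity is the legacy mechanism; AWS
  # recommends origin access control (OAC) for new distributions.
  ##
  BucketPolicyApp:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref BucketApp
      PolicyDocument:
        # Quoted so the value stays a string instead of being read as a date.
        Version: '2012-10-17'
        Statement:
          - Action:
              - s3:GetObject
            Effect: Allow
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref BucketApp
                - '/*'
            Principal:
              AWS: !Sub
                - 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudFrontOAID}'
                - CloudFrontOAID:
                    !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, CloudFrontOAID]

  ##
  # CloudFront Distribution for the React App - SPA errors and behaviors
  #
  # Has no Aliases or ViewerCertificate, so it is reached only through its
  # generated CloudFront domain name, which DistributionApp uses as an origin.
  ##
  DistributionUi:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Comment: !Sub 'React Starter UI SPA (${EnvironmentCode})'
        # SPA routing: any path that is not an object in the bucket is
        # answered with index.html and status 200. Because 403 is rewritten
        # too, a real access-denied from S3 is indistinguishable from a
        # client-side route when looking at viewer responses.
        CustomErrorResponses:
          - ErrorCode: 404
            ResponsePagePath: '/index.html'
            ResponseCode: 200
          - ErrorCode: 403
            ResponsePagePath: '/index.html'
            ResponseCode: 200
        DefaultCacheBehavior:
          # Read-only methods; the static site accepts no writes.
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          DefaultTTL: 60
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          TargetOriginId: S3-APP
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        Enabled: true
        HttpVersion: http2
        Origins:
          - DomainName: !GetAtt BucketApp.DomainName
            Id: S3-APP
            S3OriginConfig:
              # Must be the same identity that BucketPolicyApp names as
              # Principal; both read CloudFrontOAID from the mapping.
              OriginAccessIdentity: !Sub
                - 'origin-access-identity/cloudfront/${CloudFrontOAID}'
                - CloudFrontOAID:
                    !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, CloudFrontOAID]
        PriceClass: PriceClass_100

  ##
  # CloudFront Distribution for complete, full-stack APP - routing for API and UI
  #
  # /api* goes to the CUSTOM-API origin uncached; everything else goes to
  # DistributionUi (CUSTOM-UI).
  ##
  DistributionApp:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Comment: !Sub 'React Starter UI App (${EnvironmentCode})'
        Aliases:
          - !Sub
            - 'react-starter.${HostedZone}'
            - HostedZone: !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, HostedZone]
        CacheBehaviors:
          # API traffic: all methods, all TTLs 0 so responses are not cached,
          # Authorization forwarded to the origin. Cookies are not forwarded.
          - AllowedMethods:
              - DELETE
              - GET
              - HEAD
              - OPTIONS
              - PATCH
              - POST
              - PUT
            DefaultTTL: 0
            ForwardedValues:
              Cookies:
                Forward: none
              Headers:
                - Accept
                - Authorization
                - Content-Type
                - X-Requested-With
              QueryString: true
            MaxTTL: 0
            MinTTL: 0
            # Matches every path that starts with /api, not only /api/...
            PathPattern: /api*
            TargetOriginId: CUSTOM-API
            ViewerProtocolPolicy: redirect-to-https
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          DefaultTTL: 60
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          TargetOriginId: CUSTOM-UI
          ViewerProtocolPolicy: redirect-to-https
        DefaultRootObject: index.html
        Enabled: true
        HttpVersion: http2
        Origins:
          - CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              OriginProtocolPolicy: https-only
              # SSLv3, TLSv1 and TLSv1.1 removed: they are deprecated and
              # listing them lets the origin connection negotiate down.
              OriginSSLProtocols:
                - TLSv1.2
            DomainName: !GetAtt DistributionUi.DomainName
            Id: CUSTOM-UI
          - CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              OriginProtocolPolicy: https-only
              # TLSv1.2 only, as above. The API host is defined outside this
              # template; confirm it accepts TLSv1.2 before deploying.
              OriginSSLProtocols:
                - TLSv1.2
            DomainName: !Sub
              - 'api.${HostedZone}'
              - HostedZone: !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, HostedZone]
            Id: CUSTOM-API
        PriceClass: PriceClass_100
        ViewerCertificate:
          AcmCertificateArn:
            !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, CertificateArn]
          # Set explicitly so viewers cannot negotiate TLS 1.0 or 1.1, which
          # an unset minimum would still allow.
          MinimumProtocolVersion: TLSv1.2_2021
          SslSupportMethod: sni-only

  ##
  # Route53 DNS for the 'App' CloudFront Distribution (IPv4, A alias)
  ##
  RecordSetAppA:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Sub
        - '${HostedZone}.'
        - HostedZone: !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, HostedZone]
      Name: !Sub
        - 'react-starter.${HostedZone}'
        - HostedZone: !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, HostedZone]
      Type: A
      AliasTarget:
        # Fixed hosted zone id that Route53 uses for CloudFront alias targets.
        HostedZoneId: Z2FDTNDATAQYW2
        DNSName: !GetAtt DistributionApp.DomainName

  ##
  # Route53 DNS for the 'App' CloudFront Distribution (IPv6, AAAA alias)
  ##
  RecordSetAppAAAA:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Sub
        - '${HostedZone}.'
        - HostedZone: !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, HostedZone]
      Name: !Sub
        - 'react-starter.${HostedZone}'
        - HostedZone: !FindInMap [EnvironmentAttributeMap, !Ref EnvironmentCode, HostedZone]
      Type: AAAA
      AliasTarget:
        # Fixed hosted zone id that Route53 uses for CloudFront alias targets.
        HostedZoneId: Z2FDTNDATAQYW2
        DNSName: !GetAtt DistributionApp.DomainName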
Outputs:
  # !Ref on the bucket resource gives the bucket name.
  AppBucketName:
    Description: 'The application S3 bucket name'
    Value: !Ref BucketApp

  # !Ref on the record set gives the record's domain name.
  DomainName:
    Description: 'The application domain name'
    Value: !Ref RecordSetAppA