static-site-ssl.yaml

AWSTemplateFormatVersion: '2010-09-09'
Metadata: 
  License: Apache-2.0
Description: 'AWS Static Website Hosted With S3 and CloudFront with SSL'
Parameters:
  SiteName:
    Type: String
    Description: The final domain this site will deploy to. (e.g. 'test.example.com')
    AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
    ConstraintDescription: must be a valid S3 bucket name.
  AcmCertificate:
    Type: String
    Description: The ARN of a valid ACM certificate.
  HostedZoneName:
    Type: String
    Description: The name of the hosted zone. (Must end in a '.')
Resources:
  WebAppS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: index.html
  WebAppS3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: WebAppS3Bucket
      PolicyDocument:
        Statement:
          - Sid: PublicReadGetObject
            Effect: Allow
            Principal: "*"
            Action:
            - s3:GetObject
            Resource: !Join ['', [!GetAtt WebAppS3Bucket.Arn, '/*']]
  WebAppCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref 'SiteName'
        Origins:
          - DomainName: !Select [1, !Split ['http://', !GetAtt WebAppS3Bucket.WebsiteURL]]
            Id: WebApp
            CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              OriginProtocolPolicy: http-only
            # S3OriginConfig:
            #   OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z
        Enabled: 'true'
        DefaultRootObject: index.html
        CustomErrorResponses:
          - ErrorCode: 404
            ResponseCode: 200
            ResponsePagePath: /index.html
        DefaultCacheBehavior:
          AllowedMethods:
            - DELETE
            - GET
            - HEAD
            - OPTIONS
            - PATCH
            - POST
            - PUT
          TargetOriginId: WebApp
          ForwardedValues:
            QueryString: 'false'
            Cookies:
              Forward: none
          ViewerProtocolPolicy: redirect-to-https
        ViewerCertificate:
          AcmCertificateArn: !Ref 'AcmCertificate'
          SslSupportMethod: 'sni-only'
          MinimumProtocolVersion: 'TLSv1.1_2016'
  WebAppRecordSet:
    Type: AWS::Route53::RecordSet
    Properties:
      AliasTarget:
        DNSName: !GetAtt WebAppCloudFrontDistribution.DomainName
        HostedZoneId: Z2FDTNDATAQYW2
      HostedZoneName: !Ref 'HostedZoneName'
      Name: !Ref 'SiteName'
      Type: 'A'
Outputs:
  S3BucketArn:
    Description: The name of the S3 bucket being created
    Value: !Ref WebAppS3Bucket
    Export:
      Name: !Sub '${AWS::StackName}-Bucket'
  CloudFrontDistId:
    Description: The ID of the CloudFront distribution
    Value: !Ref WebAppCloudFrontDistribution
    Export:
      Name: !Sub '${AWS::StackName}-CloudFrontDist'