-
Notifications
You must be signed in to change notification settings - Fork 2
/
template.yml
100 lines (95 loc) · 3.03 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
AWSTemplateFormatVersion: 2010-09-09
Transform:
- AWS::Serverless-2016-10-31
Parameters:
ProjectId:
Type: String
Description: id of the project. used to create ressources with the project name.
Resources:
AudioLambdaEdgeFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Ref 'ProjectId'
Handler: index.handler
Runtime: nodejs10.x
MemorySize: 3008
Timeout: 10
AutoPublishAlias: live
#Environment:
# Variables:
# BUCKET: !Ref 'AudioFileS3Bucket'
# NODE_ENV: prod
Role:
Fn::ImportValue:
!Join ['-', [!Ref 'ProjectId', !Ref 'AWS::Region', 'LambdaTrustRole']]
Tags:
SITE: !Ref 'ProjectId'
AudioFileS3Bucket:
Type: AWS::S3::Bucket
Description: Creating Amazon S3 bucket to store audio files
Properties:
BucketName: !Join ['-', [ !Ref 'AWS::Region', !Ref 'AWS::AccountId', !Ref 'ProjectId', 'data']]
Tags:
- Key: APP
Value: !Ref 'ProjectId'
VersioningConfiguration:
Status: Enabled
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
CFS3OriginAccessIdentity:
Type: "AWS::CloudFront::CloudFrontOriginAccessIdentity"
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: !Ref 'ProjectId'
S3BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref 'AudioFileS3Bucket'
PolicyDocument:
Statement:
- Effect: Allow
Principal:
CanonicalUser:
Fn::GetAtt: [ CFS3OriginAccessIdentity , S3CanonicalUserId ]
Action: "s3:GetObject"
Resource: !Sub "${AudioFileS3Bucket.Arn}/*"
CFS3Distribution:
DependsOn: AudioLambdaEdgeFunction
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: !Join ['', [!Ref 'AudioFileS3Bucket', '.s3.amazonaws.com']]
Id: myS3Origin
S3OriginConfig:
OriginAccessIdentity: !Join ['',['origin-access-identity/cloudfront/', !Ref 'CFS3OriginAccessIdentity'] ]
Enabled: 'true'
Comment: !Ref 'ProjectId'
DefaultRootObject: index.html
DefaultCacheBehavior:
LambdaFunctionAssociations:
- EventType: origin-response
LambdaFunctionARN: !Ref AudioLambdaEdgeFunction.Version
AllowedMethods:
- GET
- HEAD
- OPTIONS
TargetOriginId: myS3Origin
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
Headers:
- Origin
- Access-Control-Request-Headers
- Access-Control-Request-Method
ViewerProtocolPolicy: redirect-to-https
HttpVersion: http2
ViewerCertificate:
CloudFrontDefaultCertificate: true
Tags:
- Key: APP
Value: !Ref 'ProjectId'