template.cfn.yaml

AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  Env:
    Type: 'String'
    Default: 'prod'

Conditions:
  IsProd: !Equals
    - !Ref Env
    - 'prod'

Resources:

  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Sub "cars-fe-${Env}"
      PublicAccessBlockConfiguration:
        BlockPublicAcls : true
        BlockPublicPolicy : true
        IgnorePublicAcls : true
        RestrictPublicBuckets : true
      VersioningConfiguration:
        Status: Suspended
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: 'AES256'

  BucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      PolicyDocument:
        Id: MyPolicy
        Version: 2012-10-17
        Statement:
          - Sid: PolicyForCloudFrontPrivateContent
            Effect: Allow
            Principal:
              CanonicalUser: !GetAtt CFOriginAccessIdentity.S3CanonicalUserId
            Action: 's3:GetObject*'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref S3Bucket
                - /*
      Bucket: !Ref S3Bucket

  CFDistribution:
    Type: 'AWS::CloudFront::Distribution'
    DependsOn:
      - CFOriginAccessIdentity
    Properties:
      DistributionConfig:
        Origins:
          - DomainName: !GetAtt S3Bucket.RegionalDomainName
            Id: myS3Origin
            S3OriginConfig:
              OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${CFOriginAccessIdentity}"
        Enabled: 'true'
        DefaultRootObject: index.html
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          TargetOriginId: myS3Origin
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6 # CachingOptimized
          OriginRequestPolicyId: 88a5eaf4-2fd4-4709-b370-b4c650ea3fcf # CORS-S3Origin
          ViewerProtocolPolicy: redirect-to-https
        PriceClass: PriceClass_100
        ViewerCertificate:
          AcmCertificateArn: "arn:aws:acm:us-east-1:428124435373:certificate/c8de19e7-c3f9-44de-9d3c-563e5fa91796"
          SslSupportMethod: 'sni-only'
          MinimumProtocolVersion: 'TLSv1.2_2021'
        Aliases:
          - !Sub
            - "${Prefix}cars.foacs.fr"
            - Prefix: !If [ IsProd, '', !Sub "${Env}." ]

  CFOriginAccessIdentity:
    Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
    DependsOn:
      - S3Bucket
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub "access-identity-cars-fe-${Env}"

  Route53:
    Type: 'AWS::Route53::RecordSet'
    DependsOn:
      - CFDistribution
    Properties:
      HostedZoneId: Z09666831AUBN0E7PSDUV
      AliasTarget:
        DNSName: !GetAtt CFDistribution.DomainName
        EvaluateTargetHealth: false
        HostedZoneId: Z2FDTNDATAQYW2
      Name: !Sub
        - "${Prefix}cars.foacs.fr."
        - Prefix: !If [IsProd, '', !Sub "${Env}."]
      Type: A