-
Notifications
You must be signed in to change notification settings - Fork 4
/
generic-project-resources-cloudfront.yml
55 lines (55 loc) · 1.99 KB
/
generic-project-resources-cloudfront.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
AWSTemplateFormatVersion: '2010-09-09'
Description: generic cloudfront and domain for project-resources
Resources:
DNS:
Type: AWS::Route53::RecordSet
Properties:
AliasTarget:
# need to get this from the cloudfront distribution
DNSName: !GetAtt CloudFrontDistribution.DomainName
# static zone id from documentation
HostedZoneId: Z2FDTNDATAQYW2
HostedZoneName: concord.org.
Name: project-resources.concord.org
Type: A
CloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Aliases:
- project-resources.concord.org
Comment: Generic Cloudfront Distribution for project resources
DefaultCacheBehavior:
AllowedMethods:
- GET
- HEAD
Compress: true
ForwardedValues:
QueryString: true
Cookies:
Forward: none
# support CORS Requests to the resources
Headers:
- Origin
- Access-Control-Request-Headers
- Access-Control-Request-Method
TargetOriginId: S3Origin
ViewerProtocolPolicy: redirect-to-https
Enabled: true
HttpVersion: http2
Logging:
Bucket: cc-cloudfront-logs.s3.amazonaws.com
IncludeCookies: false
Prefix: project-resources
PriceClass: PriceClass_All
Origins:
# use the S3 website domain so requests to / will load in index.html
# more info: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteEndpoints.html#WebsiteRestEndpointDiff
- DomainName: cc-project-resources.s3-website-us-east-1.amazonaws.com
Id: S3Origin
CustomOriginConfig:
# S3 website domain only supports http
OriginProtocolPolicy: http-only
ViewerCertificate:
AcmCertificateArn: arn:aws:acm:us-east-1:612297603577:certificate/2b62511e-ccc8-434b-ba6c-a8c33bbd509e
SslSupportMethod: sni-only