-
Notifications
You must be signed in to change notification settings - Fork 7
/
serverless.yml
148 lines (140 loc) · 4.59 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
service: FediseerGUI
custom:
CloudfrontHostedZone: Z2FDTNDATAQYW2
Domain: ${env:DOMAIN_NAME}
DomainZone: ${env:DOMAIN_ZONE}
ServiceToken: !Join [':', ['arn:aws:lambda', !Ref AWS::Region, !Ref AWS::AccountId, 'function:AcmCustomResources-prod-customResources']]
provider:
name: aws
stage: ${opt:stage, 'prod'}
region: ${opt:region, 'eu-central-1'}
runtime: provided
lambdaHashingVersion: '20201221'
stackTags:
BillingProject: FediseerGUI
package:
exclude:
- ./**
resources:
Resources:
# Certificates
Certificate:
Type: Custom::Certificate
Properties:
DomainName: ${self:custom.Domain}
ValidationMethod: DNS
Region: us-east-1
ServiceToken: ${self:custom.ServiceToken}
CertificateBlocker:
Type: Custom::IssuedCertificate
DependsOn:
- DnsRecordsCertificateValidation
Properties:
CertificateArn: !Ref Certificate
ServiceToken: ${self:custom.ServiceToken}
CertificateDnsRecord:
Type: Custom::CertificateDNSRecord
Properties:
CertificateArn: !Ref Certificate
DomainName: ${self:custom.Domain}
ServiceToken: ${self:custom.ServiceToken}
DnsRecordsCertificateValidation:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: ${self:custom.DomainZone}
RecordSets:
- Name: !GetAtt CertificateDnsRecord.Name
Type: !GetAtt CertificateDnsRecord.Type
TTL: 60
Weight: 1
SetIdentifier: !Ref Certificate
ResourceRecords:
- !GetAtt CertificateDnsRecord.Value
# DNS
DnsRecords:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: ${self:custom.DomainZone}
RecordSets:
- AliasTarget:
DNSName: !GetAtt WebsiteCDN.DomainName
HostedZoneId: ${self:custom.CloudfrontHostedZone}
Name: ${self:custom.Domain}
Type: A
# Hosting
Website:
Type: AWS::S3::Bucket
Properties:
CorsConfiguration:
CorsRules:
- AllowedHeaders: ["*"]
AllowedMethods: [GET]
AllowedOrigins: ["*"]
PublicAccessBlockConfiguration:
BlockPublicAcls: false
BlockPublicPolicy: false
IgnorePublicAcls: false
RestrictPublicBuckets: false
WebsiteBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref Website
PolicyDocument:
Statement:
- Effect: Allow
Principal: '*' # everyone
Action: 's3:GetObject' # to read
Resource: !Join ['/', [!GetAtt Website.Arn, '*']] # things in the bucket
# Webserver
WebsiteCDN:
Type: AWS::CloudFront::Distribution
DependsOn:
- CertificateBlocker
Properties:
DistributionConfig:
Aliases:
- ${self:custom.Domain}
Enabled: true
PriceClass: PriceClass_100
HttpVersion: http2
DefaultRootObject: index.html
Origins:
- Id: Website
DomainName: !GetAtt Website.RegionalDomainName
S3OriginConfig: {} # this key is required to tell CloudFront that this is an S3 origin, even though nothing is configured
DefaultCacheBehavior:
TargetOriginId: Website
AllowedMethods: [GET, HEAD]
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: none
ViewerProtocolPolicy: redirect-to-https
Compress: true
CustomErrorResponses:
- ErrorCode: 500
ErrorCachingMinTTL: 0
- ErrorCode: 504
ErrorCachingMinTTL: 0
- ErrorCode: 404
ResponsePagePath: /index.html
ErrorCachingMinTTL: 0
ResponseCode: 200
- ErrorCode: 403
ResponsePagePath: /index.html
ErrorCachingMinTTL: 0
ResponseCode: 200
ViewerCertificate:
AcmCertificateArn: !Ref Certificate
MinimumProtocolVersion: TLSv1.2_2019
SslSupportMethod: sni-only
Outputs:
Bucket:
Description: The name of the website bucket
Value: !Ref Website
Cdn:
Description: The id of the CDN for website
Value: !Ref WebsiteCDN
Url:
Description: The url of the deployed app
Value: https://${self:custom.Domain}