Created
January 26, 2019 04:15
-
-
Save zaun/07b8c4faa76125e260f50b4167dd1035 to your computer and use it in GitHub Desktop.
Setup a website on AWS. Creates DNS, S3, API Gateway and a Lambda function.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
AWSTemplateFormatVersion: '2010-09-09' | |
Description: Website S3 Hosted, API Gateway Backend | |
Parameters: | |
DomainName: | |
Type: String | |
Description: The DNS name of an Amazon Route 53 hosted zone e.g. server.com | |
AllowedPattern: '(?!-)[a-zA-Z0-9-.]{1,63}(?<!-)' | |
ConstraintDescription: must be a valid DNS zone name. | |
Mappings: | |
S3RegionMap: | |
us-east-1: | |
S3HostedZoneId: Z3AQBSTGFYJSTF | |
S3WebsiteEndpoint: s3-website-us-east-1.amazonaws.com | |
us-west-1: | |
S3HostedZoneId: Z2F56UZL2M1ACD | |
S3WebsiteEndpoint: s3-website-us-west-1.amazonaws.com | |
us-west-2: | |
S3HostedZoneId: Z3BJ6K6RIION7M | |
S3WebsiteEndpoint: s3-website-us-west-2.amazonaws.com | |
eu-west-1: | |
S3HostedZoneId: Z1BKCTXD74EZPE | |
S3WebsiteEndpoint: s3-website-eu-west-1.amazonaws.com | |
ap-southeast-1: | |
S3HostedZoneId: Z3O0J2DXBE1FTB | |
S3WebsiteEndpoint: s3-website-ap-southeast-1.amazonaws.com | |
ap-southeast-2: | |
S3HostedZoneId: Z1WCIGYICN2BYD | |
S3WebsiteEndpoint: s3-website-ap-southeast-2.amazonaws.com | |
ap-northeast-1: | |
S3HostedZoneId: Z2M4EHUR26P7ZW | |
S3WebsiteEndpoint: s3-website-ap-northeast-1.amazonaws.com | |
sa-east-1: | |
S3HostedZoneId: Z31GFT0UA1I2HV | |
S3WebsiteEndpoint: s3-website-sa-east-1.amazonaws.com | |
Resources: | |
LambdaExecutionRole: | |
Type: AWS::IAM::Role | |
Properties: | |
AssumeRolePolicyDocument: | |
Statement: | |
- Effect: Allow | |
Principal: | |
Service: lambda.amazonaws.com | |
Action: | |
- sts:AssumeRole | |
Path: '/' | |
Policies: | |
- PolicyName: execution | |
PolicyDocument: | |
Statement: | |
- Effect: Allow | |
Action: | |
- logs:CreateLogGroup | |
- logs:CreateLogStream | |
- logs:PutLogEvents | |
Resource: '*' | |
- Effect: Allow | |
Action: | |
- s3:GetObject | |
- s3:PutObject | |
- s3:ListBucket | |
Resource: '*' | |
- Effect: Allow | |
Action: | |
- ec2:DescribeNetworkInterfaces | |
- ec2:CreateNetworkInterface | |
- ec2:DeleteNetworkInterface | |
Resource: '*' | |
- Effect: Allow | |
Action: | |
- cognito-idp:AdminGetUser | |
- cognito-idp:AdminUpdateUserAttributes | |
Resource: '*' | |
APIGatewayExecutionRole: | |
Type: AWS::IAM::Role | |
Properties: | |
AssumeRolePolicyDocument: | |
Statement: | |
- Effect: Allow | |
Principal: | |
Service: apigateway.amazonaws.com | |
Action: | |
- sts:AssumeRole | |
Path: '/' | |
Policies: | |
- PolicyName: execution | |
PolicyDocument: | |
Statement: | |
- Effect: Allow | |
Action: | |
- logs:CreateLogGroup | |
- logs:CreateLogStream | |
- logs:PutLogEvents | |
Resource: '*' | |
- Effect: Allow | |
Action: | |
- lambda:InvokeFunction | |
Resource: '*' | |
LambdaFunctionAPI: | |
Type: AWS::Lambda::Function | |
Properties: | |
Code: | |
ZipFile: exports.handler = function (event, context, callback) { callback(null, event); }; | |
Handler: index.handler | |
MemorySize: 128 | |
Role: !GetAtt LambdaExecutionRole.Arn | |
Runtime: nodejs4.3 | |
Timeout: 30 | |
APIGateway: | |
Type: AWS::ApiGateway::RestApi | |
Properties: | |
FailOnWarnings: true | |
Name: !Join ['-', !Split ['.', !Join ['.', ['api', !Ref DomainName]]]] | |
Body: | |
swagger: '2.0' | |
info: | |
version: 0.0.1 | |
title: !Join [' ', ['API route for', !Ref DomainName]] | |
basePath: '/api' | |
paths: | |
'/{proxy+}': | |
options: | |
summary: CORS support | |
description: | | |
Enable CORS by returning correct headers | |
consumes: | |
- application/json | |
produces: | |
- application/json | |
tags: | |
- CORS | |
x-amazon-apigateway-integration: | |
type: mock | |
requestTemplates: | |
application/json: | | |
{ | |
"statusCode" : 200 | |
} | |
responses: | |
"default": | |
statusCode: "200" | |
responseParameters: | |
method.response.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key'" | |
method.response.header.Access-Control-Allow-Methods: "'DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT'" | |
method.response.header.Access-Control-Allow-Origin: "'*'" | |
responseTemplates: | |
application/json: | | |
{} | |
responses: | |
'200': | |
description: Default response for CORS method | |
headers: | |
Access-Control-Allow-Headers: | |
type: "string" | |
Access-Control-Allow-Methods: | |
type: "string" | |
Access-Control-Allow-Origin: | |
type: "string" | |
x-amazon-apigateway-any-method: | |
produces: | |
- "application/json" | |
responses: | |
'200': | |
description: "200 response" | |
schema: | |
$ref: "#/definitions/Empty" | |
x-swagger-router-controller: main | |
x-amazon-apigateway-integration: | |
type: aws_proxy | |
httpMethod: POST | |
uri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${LambdaFunctionAPI.Arn}/invocations" | |
credentials: !GetAtt APIGatewayExecutionRole.Arn | |
definitions: | |
Empty: | |
type: "object" | |
title: "Empty Schema" | |
APIDeployment: | |
Type: AWS::ApiGateway::Deployment | |
Properties: | |
RestApiId: !Ref APIGateway | |
Description: Deploy for live | |
StageName: Live | |
WebsiteBucket: | |
Type: AWS::S3::Bucket | |
Properties: | |
BucketName: | |
Ref: DomainName | |
AccessControl: PublicRead | |
WebsiteConfiguration: | |
IndexDocument: index.html | |
ErrorDocument: 404.html | |
Tags: | |
- Key: Name | |
Value: !Join ['_', ['WebsiteBucket', !Ref 'AWS::StackName']] | |
- Key: Domain | |
Value: !Ref DomainName | |
DeletionPolicy: Retain | |
WWWBucket: | |
Type: AWS::S3::Bucket | |
Properties: | |
BucketName: !Join ['.', ['www', !Ref DomainName]] | |
AccessControl: PublicRead | |
WebsiteConfiguration: | |
RedirectAllRequestsTo: | |
HostName: !Ref WebsiteBucket | |
Tags: | |
- Key: Name | |
Value: !Join ['_', ['WWWBucket', !Ref 'AWS::StackName']] | |
- Key: Domain | |
Value: !Ref DomainName | |
WebsiteBucketPolicy: | |
Type: AWS::S3::BucketPolicy | |
Properties: | |
Bucket: !Ref WebsiteBucket | |
PolicyDocument: | |
Statement: | |
- Action: | |
- s3:GetObject | |
Effect: Allow | |
Resource: !Join ['', ['arn:aws:s3:::', !Ref WebsiteBucket, '/*']] | |
Principal: '*' | |
WWWBucketPolicy: | |
Type: AWS::S3::BucketPolicy | |
Properties: | |
Bucket: !Ref WWWBucket | |
PolicyDocument: | |
Statement: | |
- Action: | |
- s3:GetObject | |
Effect: Allow | |
Resource: !Join ['', ['arn:aws:s3:::', !Ref WWWBucket, '/*']] | |
Principal: '*' | |
DNS: | |
Type: AWS::Route53::HostedZone | |
Properties: | |
HostedZoneConfig: | |
Comment: !Join [' ', ['Hosted zone for', !Ref DomainName]] | |
Name: !Ref DomainName | |
HostedZoneTags: | |
- Key: Application | |
Value: Blog | |
DNSRecord: | |
Type: AWS::Route53::RecordSetGroup | |
DependsOn: DNS | |
Properties: | |
HostedZoneName: | |
Fn::Join: ['', [!Ref DomainName, '.']] | |
Comment: Zone records. | |
RecordSets: | |
- Name: !Ref DomainName | |
Type: A | |
AliasTarget: | |
HostedZoneId: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3HostedZoneId] | |
DNSName: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint] | |
- Name: !Join ['.', ['www', !Ref DomainName]] | |
Type: A | |
AliasTarget: | |
HostedZoneId: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3HostedZoneId] | |
DNSName: !FindInMap [S3RegionMap, !Ref 'AWS::Region', S3WebsiteEndpoint] | |
Outputs: | |
S3WebsiteURL: | |
Value: !GetAtt WebsiteBucket.WebsiteURL | |
Description: URL for website hosted on S3 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment