[IT-4498] Another attempt at redirect for apex domain (#1459)

org-formation/800-redirects/_tasks.yaml

@@ -405,3 +405,20 @@ ModelAdExplorerProdAppDnsForward:
     SourceHostedZoneId: "Z038526037U7WWZ1418M6"
     # the value of the CNAME record
     TargetHostName: !CopyValue ['model-ad-prod-load-balancer-dns', !Ref AgoraProdAccount]
+
+# Issue IT-4498, redirect treat-ad.org to treatad.org
+TreatAdApexRedirect:
+  Type: update-stacks
+  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.3/templates/S3/s3-apex-redirector.yaml
+  StackName: !Sub '${resourcePrefix}-treatad-apex-redirect'
+  StackDescription: Setup a redirect from treat-ad.org to treatad.org
+  DefaultOrganizationBindingRegion: !Ref primaryRegion
+  DefaultOrganizationBinding:
+    Account: !Ref SageITAccount
+  Parameters:
+    # the endpoint we are redirecting from
+    SourceDomainName: "treat-ad.org"
+    # the endpoint we are redirecting to
+    TargetDomainName: "treatad.org"
+    AcmCertificateArn: "arn:aws:acm:us-east-1:797640923903:certificate/e8e438c6-8b58-4c39-b63d-d9c2a051e068"
+    RedirectFctName: !Sub '${resourcePrefix}-treatad-apex-redirect-cloudfront-fct'

org-formation/800-redirects/s3-apex-redirector.yaml

@@ -0,0 +1,123 @@
+# Set up a redirect from one apex domain to another using a cloudfront function
+# For example: redirect all traffic from my-site.org to mysite.org
+# This setup requires that the source and target zones are in the same account.
+AWSTemplateFormatVersion: 2010-09-09
+Description: >-
+  Setup redirect from one apex domain to another
+Parameters:
+  SourceDomainName:
+    Type: String
+    Description: Source Domain name (i.e. my-site.org
+  TargetDomainName:
+    Type: String
+    Description: Target Domain name
+    ConstraintDescription: must be a resolvable DNS domain (i.e mysite.org)
+  AcmCertificateArn:
+    Type: String
+    Description: The Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate.
+    AllowedPattern: "arn:aws:acm:.*"
+    ConstraintDescription: must be a valid certificate ARN
+  RedirectFctName:
+    Type: String
+    Description: Redirect function name
+Resources:
+  Cloudfront:
+    Type: AWS::CloudFront::Distribution
+    Properties:
+      DistributionConfig:
+        Comment: Cloudfront Distribution pointing to S3 bucket
+        Origins:
+          - Id: dummy
+            DomainName: dummy.org
+            CustomOriginConfig:
+              OriginProtocolPolicy: https-only
+              HTTPSPort: 443
+              OriginSSLProtocols: [ TLSv1.2 ]
+        Enabled: true
+        HttpVersion: 'http2'
+        DefaultRootObject: index.html
+        Aliases:
+          - !Ref SourceDomainName
+        CustomErrorResponses:
+          - ErrorCachingMinTTL: 60
+            ErrorCode: 404
+            ResponseCode: 200
+            ResponsePagePath: '/index.html'
+          - ErrorCachingMinTTL: 60
+            ErrorCode: 403
+            ResponseCode: 200
+            ResponsePagePath: '/index.html'
+        DefaultCacheBehavior:
+          DefaultTTL: 3600
+          AllowedMethods:
+            - GET
+            - HEAD
+          Compress: true
+          TargetOriginId: dummy
+          ForwardedValues:
+            QueryString: true
+            Cookies:
+              Forward: none
+          FunctionAssociations:
+          -
+            EventType: viewer-request
+            FunctionARN: !GetAtt RedirectFct.FunctionARN
+          ViewerProtocolPolicy: redirect-to-https
+        PriceClass: PriceClass_100
+        ViewerCertificate:
+          AcmCertificateArn: !Ref AcmCertificateArn
+          MinimumProtocolVersion: TLSv1.2_2021
+          SslSupportMethod: sni-only
+  RedirectFct:
+    Type: AWS::CloudFront::Function
+    Properties:
+      AutoPublish: true
+      FunctionCode:
+        Fn::Sub: |
+          function handler(event) {
+              var request = event.request;
+              var uri = request.uri;
+              var queryparams = request.querystring;
+              var response = {
+                  statusCode: 307,
+                  statusDescription: 'OK',
+                  headers: {
+                      'cloudfront-functions': { value: 'generated-by-CloudFront-Functions' },
+                      'location': { value: 'https://${TargetDomainName}' }
+                  }
+                };
+              return response;
+          }
+      FunctionConfig:
+        Comment: Redirects requests from /Explore/Programs/DetailsPage
+        Runtime: cloudfront-js-1.0
+      Name: !Ref RedirectFctName
+  HostedZone:
+    Type: "AWS::Route53::HostedZone"
+    Properties:
+      Name: !Ref SourceDomainName
+  DnsRecord:
+    Type: AWS::Route53::RecordSet
+    Properties:
+      Name: !Ref SourceDomainName
+      Type: "A"
+      Region: !Sub '${AWS::Region}'
+      HostedZoneId: !Ref HostedZone
+      SetIdentifier: !Sub '${AWS::StackName}'
+      AliasTarget:
+        DNSName: !GetAtt Cloudfront.DomainName
+        HostedZoneId: "Z2FDTNDATAQYW2"    # hosted zone ID for cloudfront
+Outputs:
+  CloudfrontId:
+    Value: !Ref Cloudfront
+    Description: ID of the Cloudfront distribution
+    Export:
+      Name: !Sub '${AWS::StackName}-CloudfrontId'
+  CloudfrontEndpoint:
+    Value: !Join
+      - ''
+      - - 'https://'
+        - !GetAtt Cloudfront.DomainName
+    Description: URL for cloudfront
+    Export:
+      Name: !Sub '${AWS::StackName}-CloudfrontEndpoint'