-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserverless.yml
131 lines (127 loc) · 4.35 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
service: dan-hunt-dev
plugins:
- serverless-sync-s3
- serverless-cloudfront-invalidate
provider:
name: aws
runtime: nodejs12.x
profile: ${opt:profile, ''}
region: us-east-1
stage: ${opt:stage, ''}
deploymentBucket: dkhunt-serverless-deploys-${self:provider.stage}
custom:
name: dan-hunt-dev
websiteBucketName: ${self:custom.name}-${self:provider.stage}
hostedZoneNameMap:
prod: danhunt.dev.
domainMap:
prod: danhunt.dev
certificateArnMap:
prod: arn:aws:acm:us-east-1:128342825217:certificate/b68a9929-db2c-4905-b16a-6a7cd9eb7bbe
cloudfrontInvalidate:
- distributionIdKey:
Ref: DanHuntDevCloudFrontDistribution
items:
- "/*"
syncS3:
- bucketName: ${self:custom.websiteBucketName}
localDir: dist
resources:
Resources:
DanHuntDevCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- Id: ${self:custom.name}-${self:provider.stage} ## An identifier for the origin which must be unique within the distribution.
DomainName:
"Fn::GetAtt": [DanHuntDevUIBucket, DomainName]
S3OriginConfig:
OriginAccessIdentity:
"Fn::Join":
[
"",
[
"origin-access-identity/cloudfront/",
{ Ref: DanHuntDevUIOriginAccessIdentity },
],
]
Enabled: true
HttpVersion: http2
DefaultRootObject: index.html
CustomErrorResponses:
- ErrorCode: 404
ResponseCode: 200
ErrorCachingMinTTL: 300
ResponsePagePath: /index.html
- ErrorCode: 403
ResponseCode: 200
ErrorCachingMinTTL: 300
ResponsePagePath: /index.html
DefaultCacheBehavior:
AllowedMethods: [DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT]
CachedMethods: [GET, HEAD, OPTIONS]
TargetOriginId: ${self:custom.name}-${self:provider.stage}
ViewerProtocolPolicy: redirect-to-https
DefaultTTL: 0
MaxTTL: 0
MinTTL: 0
Compress: true
ForwardedValues:
QueryString: false
Cookies:
Forward: all
# ## Restrict to North America only
# PriceClass: PriceClass_100
Aliases:
- ${self:custom.domainMap.${self:provider.stage}}
ViewerCertificate:
AcmCertificateArn: ${self:custom.certificateArnMap.${self:provider.stage}}
SslSupportMethod: sni-only
MinimumProtocolVersion: TLSv1.1_2016
DomainRoute53Alias:
Type: AWS::Route53::RecordSet
Properties:
AliasTarget:
DNSName:
"Fn::GetAtt": [DanHuntDevCloudFrontDistribution, DomainName]
EvaluateTargetHealth: false
HostedZoneId: Z2FDTNDATAQYW2 # CloudFront Hosted Zone ID cloudfront.net (NOT CUSTOM DOMAIN)
HostedZoneName: ${self:custom.hostedZoneNameMap.${self:provider.stage}}
Name: ${self:custom.domainMap.${self:provider.stage}}
Type: A
DanHuntDevUIOriginAccessIdentity:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: "CloudFrontOriginAccessIdentity for ${self:service}-${self:provider.stage}"
DanHuntDevUIBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.websiteBucketName}
AccessControl: Private
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: index.html
DanHuntDevUIBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: DanHuntDevUIBucket
PolicyDocument:
Statement:
- Action:
- "s3:GetObject"
Effect: Allow
Resource:
{
"Fn::Join":
[
"",
["arn:aws:s3:::", { Ref: DanHuntDevUIBucket }, "/*"],
],
}
Principal:
CanonicalUser:
"Fn::GetAtt":
[DanHuntDevUIOriginAccessIdentity, S3CanonicalUserId]