-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserverless.yml
133 lines (121 loc) · 3.86 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
service: shop-spa
frameworkVersion: "3"
provider:
name: aws
runtime: nodejs16.x
region: eu-central-1
profile: default
stage: dev
plugins:
- serverless-finch
- serverless-s3-cleaner
- serverless-single-page-app-plugin
custom:
s3BucketName: shop-spa
distributionFolder: dist
# serverless-finch
client:
bucketName: ${self:custom.s3BucketName}
distributionFolder: ${self:custom.distributionFolder}
serverless-s3-cleaner:
buckets:
- ${self:custom.s3BucketName}
resources:
Resources:
AppS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.s3BucketName}
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: index.html
AppS3BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref AppS3Bucket
PolicyDocument:
Statement:
- Action:
- s3:GetObject
Effect: Allow
Resource: arn:aws:s3:::${self:custom.s3BucketName}/*
Principal:
AWS:
Fn::Join:
- " "
- - "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity"
- !Ref CloudFrontOAI
CloudFrontOAI:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: OAI between AppCloudFrontDistribution and AppS3Bucket
CloudFrontCachePolicy:
Type: AWS::CloudFront::CachePolicy
Properties:
CachePolicyConfig:
Name: AppCloudFrontDistributionCachePolicy
DefaultTTL: 86400
MinTTL: 86400
MaxTTL: 31536000
ParametersInCacheKeyAndForwardedToOrigin:
EnableAcceptEncodingGzip: true
EnableAcceptEncodingBrotli: true
HeadersConfig:
HeaderBehavior: whitelist
Headers:
- GET
- HEAD
- OPTIONS
CookiesConfig:
CookieBehavior: none
QueryStringsConfig:
QueryStringBehavior: none
CloudFrontRequestPolicy:
Type: AWS::CloudFront::OriginRequestPolicy
Properties:
OriginRequestPolicyConfig:
Name: AppCloudFrontDistributionRequestPolicy
CookiesConfig:
CookieBehavior: none
HeadersConfig:
HeaderBehavior: whitelist
Headers:
- Access-Control-Request-Headers
- Access-Control-Request-Method
- Origin
QueryStringsConfig:
QueryStringBehavior: all
AppCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Enabled: true
HttpVersion: http2and3
Origins:
- Id: AppS3Origin
DomainName: !GetAtt AppS3Bucket.RegionalDomainName
S3OriginConfig:
OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudFrontOAI}
DefaultCacheBehavior:
TargetOriginId: AppS3Origin
ViewerProtocolPolicy: redirect-to-https
OriginRequestPolicyId: !Ref CloudFrontRequestPolicy
CachePolicyId: !Ref CloudFrontCachePolicy
Compress: true
ViewerCertificate:
CloudFrontDefaultCertificate: true
DefaultRootObject: index.html
CustomErrorResponses:
- ErrorCode: 404
ResponseCode: 200
ResponsePagePath: /index.html
- ErrorCode: 403
ResponseCode: 200
ResponsePagePath: /index.html
# Outputs used by serverless-single-page-app-plugin
Outputs:
WebAppS3BucketOutput:
Value: !Ref AppS3Bucket
WebAppCloudFrontDistributionOutput:
Value: !GetAtt AppCloudFrontDistribution.DomainName