{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Cloudfront Demo Setup",
  "Parameters": {
    "BucketName": {
      "Type": "String",
      "Description": "Name of the bucket to create"
    },
    "Aliases": {
      "Type": "CommaDelimitedList",
      "Description": "CNAMES for this distribution"
    },
    "ErrorBucketName": {
      "Type": "String",
      "Description": "Name of the bucket to hold the 403.html error page"
    },
    "AppLocation": {
      "Type": "String",
      "Description": "The DNS name you have deployed the app to (for example example.com)"
    },
    "DistributionComment": {
      "Type": "String",
      "Description": "Commeht section for the distribution"
    },
    "OriginAccessIdentity": {
      "Type": "String",
      "Description": "The value that CloudFront returned in the Id element when the origin access identity was created."
    }
  },
  "Mappings": {},
  "Conditions": {},
  "Resources": {
    "Distribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Enabled": true,
          "Comment": {"Ref": "DistributionComment"},
          "Aliases": {"Ref": "Aliases"},
          "Origins": [
            {
              "DomainName": { "Ref": "BucketName" },
              "Id": "S3",
              "S3OriginConfig": {
                "OriginAccessIdentity": {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {"Ref": "OriginAccessIdentity"}]]}
              }
            },
            {
              "DomainName": { "Ref": "ErrorBucketName" },
              "Id": "ErrorS3",
              "S3OriginConfig": {
                "OriginAccessIdentity": {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {"Ref": "OriginAccessIdentity"}]]}
              }
            },
            {
              "DomainName": { "Ref": "AppLocation" },
              "Id": "Application",
              "CustomOriginConfig": {
                "OriginProtocolPolicy": "match-viewer"
              }
            }
          ],
          "CacheBehaviors": [
            {
              "TargetOriginId": "Application",
              "PathPattern": "/authorization/*",
              "ForwardedValues": {
                "QueryString": true,
                "Cookies": {
                  "Forward": "whitelist",
                  "WhitelistedNames": ["DUMMY"]
                }
              },
              "ViewerProtocolPolicy": "allow-all"
            },
            {
              "TargetOriginId": "ErrorS3",
              "PathPattern": "/errors/*",
              "ForwardedValues": {
                "QueryString": false
              },
              "ViewerProtocolPolicy": "allow-all"
            }
          ],
          "DefaultCacheBehavior": {
            "TargetOriginId": "S3",
            "ForwardedValues": {
              "QueryString": false
            },
            "ViewerProtocolPolicy": "allow-all",
            "TrustedSigners": ["self"]
          },
          "DefaultRootObject": "index.html",
          "CustomErrorResponses": [
            {
              "ErrorCode": 403,
              "ResponsePagePath": "/errors/403.html",
              "ResponseCode": 403
            }
          ]
        }
      }
    }
  },
  "Outputs": {
    "Distribution": {
      "Value": {"Ref": "Distribution"}
    }
  }
}