{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Cloudfront Demo Setup", "Parameters": { "BucketName": { "Type": "String", "Description": "Name of the bucket to create" }, "Aliases": { "Type": "CommaDelimitedList", "Description": "CNAMES for this distribution" }, "ErrorBucketName": { "Type": "String", "Description": "Name of the bucket to hold the 403.html error page" }, "AppLocation": { "Type": "String", "Description": "The DNS name you have deployed the app to (for example example.com)" }, "DistributionComment": { "Type": "String", "Description": "Commeht section for the distribution" }, "OriginAccessIdentity": { "Type": "String", "Description": "The value that CloudFront returned in the Id element when the origin access identity was created." } }, "Mappings": {}, "Conditions": {}, "Resources": { "Bucket": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "Private", "BucketName": { "Ref": "BucketName" } } }, "ErrorBucket": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "Private", "BucketName": { "Ref": "ErrorBucketName" } } }, "BucketPolicy": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "Bucket" }, "PolicyDocument": { "Version": "2008-10-17", "Id": "PolicyForCloudFrontPrivateContent", "Statement": [ { "Sid": "1", "Effect": "Allow", "Principal": { "AWS": {"Fn::Join": [" ", ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity", { "Ref": "OriginAccessIdentity"}]]} }, "Action": "s3:GetObject", "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "Bucket"}, "/*"]]} } ] } } }, "Distribution": { "Type": "AWS::CloudFront::Distribution", "Properties": { "DistributionConfig": { "Enabled": true, "Comment": {"Ref": "DistributionComment"}, "Aliases": {"Ref": "Aliases"}, "Origins": [ { "DomainName": {"Fn::GetAtt":[ "Bucket", "DomainName"]}, "Id": "S3", "S3OriginConfig": { "OriginAccessIdentity": {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {"Ref": "OriginAccessIdentity"}]]} } }, { "DomainName": {"Fn::GetAtt":[ "ErrorBucket", "DomainName"]}, "Id": "ErrorS3", "S3OriginConfig": { "OriginAccessIdentity": {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {"Ref": "OriginAccessIdentity"}]]} } }, { "DomainName": {"Ref": "AppLocation"}, "Id": "Application", "CustomOriginConfig": { "OriginProtocolPolicy": "match-viewer" } } ], "CacheBehaviors": [ { "TargetOriginId": "Application", "PathPattern": "/authorization/*", "ForwardedValues": { "QueryString": true, "Cookies": { "Forward": "whitelist", "WhitelistedNames": ["DUMMY"] } }, "ViewerProtocolPolicy": "allow-all" }, { "TargetOriginId": "ErrorS3", "PathPattern": "/errors/*", "ForwardedValues": { "QueryString": false }, "ViewerProtocolPolicy": "allow-all" } ], "DefaultCacheBehavior": { "TargetOriginId": "S3", "ForwardedValues": { "QueryString": false }, "ViewerProtocolPolicy": "allow-all", "TrustedSigners": ["self"] }, "DefaultRootObject": "index.html", "CustomErrorResponses": [ { "ErrorCode": 403, "ResponsePagePath": "/errors/403.html", "ResponseCode": 403 } ] } } } }, "Outputs": { "Distribution": { "Value": {"Ref": "Distribution"} }, "ErrorBucket": { "Value": {"Ref": "ErrorBucket"} }, "Bucket": { "Value": {"Ref": "Bucket"} } } }