AWSTemplateFormatVersion: '2010-09-09'

# Primary-region half of an active/standby static site: a versioned S3
# website bucket that replicates into a standby-region bucket, fronted by
# CloudFront, with a Route53 health check and a nested Route53 stack for the
# DNS records. Input parameters are documented inline.
Parameters:
  # Replication target; referenced by PrimaryBucket's ReplicationConfiguration
  # and by the replication role's policy.
  StandbyReplBucketArn:
    Type: String
    Description: This is the bucket arn in the standby region

  # Certificate attached to the CloudFront distribution. CloudFront only
  # accepts ACM certificates issued in us-east-1.
  ACMCertArn:
    Type: String
    Description: This is the ACM arn

  # Used as the CloudFront alias, in the health-check Name tag, and passed
  # through to the nested Route53 stack.
  SiteURL:
    Type: String
    Description: This is the URL of the site

  # Passed through to the nested Route53 stack unchanged.
  ZoneName:
    Type: String
    Description: This is the ZoneName of the SiteURL

  # Bucket that hosts nested-route53.yml (the nested stack's TemplateURL).
  USEast1Bucket:
    Type: String
    Description: This is the us-east-1 artifact bucket
Outputs:
  # Health check for the primary origin; presumably consumed by a parent or
  # standby stack that wires the Route53 failover record (not done here).
  PrimaryHealthCheckId:
    Description: Physical ID of healthcheck
    Value: !Ref PrimaryHealthCheck

  # Bucket ARN straight from the resource attribute (same value as
  # concatenating 'arn:aws:s3:::' with the bucket name).
  PrimaryS3BucketArn:
    Description: Full S3 Bucket Arn
    Value: !GetAtt PrimaryBucket.Arn

  PrimaryS3BucketName:
    Description: S3 Bucket Name
    Value: !Ref PrimaryBucket

  CloudFrontDistributionDomainName:
    Description: Domain Name
    Value: !GetAtt PrimaryCloudFrontDistribution.DomainName

  CloudFrontDistributionID:
    Description: CF ID
    Value: !Ref PrimaryCloudFrontDistribution

  # Requires the nested template (nested-route53.yml, not shown here) to
  # declare a StackName output.
  Route53StackName:
    Description: Nested Stack Name
    Value: !GetAtt Route53Stack.Outputs.StackName
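Resources:
  # Website bucket for the primary region. Versioning is required for
  # cross-region replication; every object is replicated to
  # StandbyReplBucketArn using StaticS3ReplRole.
  # NOTE(review): the bucket is served through its website endpoint, which
  # only works when objects are publicly readable. This template defines no
  # BucketPolicy and no PublicAccessBlockConfiguration, so public read must
  # be granted (and scoped) outside it — confirm before deploying.
  PrimaryBucket:
    Type: AWS::S3::Bucket
    # Keep the content and its version history if the stack is deleted.
    DeletionPolicy: Retain
    Properties:
      VersioningConfiguration:
        Status: Enabled
      ReplicationConfiguration:
        Role: !GetAtt StaticS3ReplRole.Arn
        Rules:
          - Id: ReplAll
            Status: Enabled
            # Empty prefix: the rule matches every object in the bucket.
            Prefix: ''
            Destination:
              Bucket: !Ref StandbyReplBucketArn
      WebsiteConfiguration:
        IndexDocument: index.html

  # Role the S3 service assumes to perform replication. Trust is limited to
  # the S3 service principal.
  StaticS3ReplRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        # Without an explicit Version, IAM falls back to the 2008-10-17
        # policy language; 2012-10-17 is the current one.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - s3.amazonaws.com
            Action:
              - sts:AssumeRole

  # Replication permissions, scoped to exactly the two buckets involved:
  # read configuration and object versions from the primary bucket, write
  # replicas (and replicated deletes) into the standby bucket.
  BucketBackupPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: BucketBackupPolicy
      Roles:
        - !Ref StaticS3ReplRole
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - s3:GetReplicationConfiguration
              - s3:ListBucket
            Resource:
              - !GetAtt PrimaryBucket.Arn
          - Effect: Allow
            Action:
              - s3:GetObjectVersion
              - s3:GetObjectVersionAcl
            Resource:
              - !Sub '${PrimaryBucket.Arn}/*'
          - Effect: Allow
            Action:
              - s3:ReplicateObject
              - s3:ReplicateDelete
            Resource:
              - !Sub '${StandbyReplBucketArn}/*'

  # Route53 health check against the primary bucket's path-style S3
  # endpoint (s3-<region>.amazonaws.com/<bucket>/index.html), exported via
  # the PrimaryHealthCheckId output. FailureThreshold of 1 means a single
  # failed probe marks the primary unhealthy; raise it if transient errors
  # cause unwanted failovers.
  PrimaryHealthCheck:
    Type: AWS::Route53::HealthCheck
    Properties:
      HealthCheckConfig:
        Type: HTTP
        FullyQualifiedDomainName: !Sub 's3-${AWS::Region}.amazonaws.com'
        ResourcePath: !Sub '/${PrimaryBucket}/index.html'
        FailureThreshold: 1
      HealthCheckTags:
        - Key: Name
          Value: !Sub 'PrimaryBucket - ${SiteURL}'

  # CloudFront in front of the S3 website endpoint. Viewers are redirected
  # to HTTPS; the CloudFront-to-origin leg is plain HTTP because S3 website
  # endpoints do not serve TLS. Serving the REST endpoint with an origin
  # access control would allow an HTTPS origin and a private bucket, but
  # changes the hosting model and is therefore not done here.
  PrimaryCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        # Real boolean rather than the string 'true'.
        Enabled: true
        Comment: PrimaryCloudFrontDistribution
        Aliases:
          - !Ref SiteURL
        DefaultRootObject: index.html
        HttpVersion: http2
        PriceClass: PriceClass_100
        Origins:
          # WebsiteURL is "http://<host>"; keep only the host after "//".
          - Id: PrimaryBucketOrigin
            DomainName: !Select [1, !Split ['//', !GetAtt PrimaryBucket.WebsiteURL]]
            CustomOriginConfig:
              OriginProtocolPolicy: http-only
        DefaultCacheBehavior:
          TargetOriginId: PrimaryBucketOrigin
          ViewerProtocolPolicy: redirect-to-https
          ForwardedValues:
            QueryString: false
        ViewerCertificate:
          AcmCertificateArn: !Ref ACMCertArn
          SslSupportMethod: sni-only
          # Without this the distribution accepts TLS 1.0 from viewers; pin a
          # modern floor.
          MinimumProtocolVersion: TLSv1.2_2021

  # Nested stack that creates the DNS records for SiteURL in ZoneName,
  # pointing at the CloudFront distribution. Its template is read from the
  # us-east-1 artifact bucket.
  Route53Stack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub 'https://s3.amazonaws.com/${USEast1Bucket}/nested-route53.yml'
      TimeoutInMinutes: 5
      Parameters:
        ZoneName: !Ref ZoneName
        SiteURL: !Ref SiteURL
        AliasTargetDNSName: !GetAtt PrimaryCloudFrontDistribution.DomainName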