template_s3_cf.yaml

kinoshita, 2022/10/12 11:53

       AWSTemplateFormatVersion: '2010-09-09'
       Description: Sample template for S3Origin CloudFront
       Parameters:
         CloudFrontPriceClass:
           Type: String
           Default: PriceClass_200
           AllowedValues: [PriceClass_100, PriceClass_200, PriceClass_All]
       Resources:
         OriginS3Bucket:
           Type: AWS::S3::Bucket
           DeletionPolicy: Retain
           UpdateReplacePolicy: Retain
           Properties:
             BucketName: !Sub ${AWS::StackName}-${AWS::AccountId}
             AccessControl: Private
             PublicAccessBlockConfiguration:
               BlockPublicAcls: True
               BlockPublicPolicy: True
               IgnorePublicAcls: True
               RestrictPublicBuckets: True
         OriginS3BucketPolicy:
           Type: AWS::S3::BucketPolicy
           Properties:
             Bucket: !Ref OriginS3Bucket
             PolicyDocument:
               Statement:
                 - Action:
                     - s3:GetObject
                   Effect: Allow
                   Resource: !Sub arn:${AWS::Partition}:s3:::${OriginS3Bucket}/*
                   Principal:
                     AWS: !Sub arn:${AWS::Partition}:iam::cloudfront:user/CloudFront Origin Access Identity ${OriginAccessIdentity}
                 - Action:
                     - s3:ListBucket
                   Effect: Allow
                   Resource: !Sub arn:${AWS::Partition}:s3:::${OriginS3Bucket}
                   Principal:
                     AWS: !Sub arn:${AWS::Partition}:iam::cloudfront:user/CloudFront Origin Access Identity ${OriginAccessIdentity}
         CloudFrontDistribution:
           Type: AWS::CloudFront::Distribution
           Properties:
             DistributionConfig:
               Comment: !Sub "Created by ${AWS::StackName}"
               DefaultCacheBehavior:
                 TargetOriginId: myS3Origin
                 ForwardedValues:
                   QueryString: false
                   Cookies:
                     Forward: 'none'
                 ViewerProtocolPolicy: redirect-to-https
                 Compress: true
               DefaultRootObject: index.html
               Enabled: true
               Origins:
                 - DomainName: !Sub ${OriginS3Bucket}.s3.amazonaws.com
                   Id: myS3Origin
                   S3OriginConfig:
                     OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${OriginAccessIdentity}"
               PriceClass: !Ref CloudFrontPriceClass
               Restrictions:
                 GeoRestriction:
                   RestrictionType: whitelist
                   Locations:
                     - JP
         OriginAccessIdentity:
           Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
           Properties:
             CloudFrontOriginAccessIdentityConfig:
               Comment: !Sub "Created by ${AWS::StackName}"
       Outputs:
         OriginS3BucketName:
           Value: !Ref OriginS3Bucket
           Export:
             Name: !Sub ${AWS::StackName}-OriginS3Bucket
         CloudfrontDomainName:
           Value: !GetAtt CloudFrontDistribution.DomainName
           Export:
             Name: !Sub ${AWS::StackName}-CloudfrontDomainName

プロジェクト

全般

プロフィール

(公開用)フロント系勉強会

template_s3_cf.yaml