-
-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathserverless.yml
118 lines (110 loc) · 3.64 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
service: ${self:provider.environment.WEBSITE_S3_BUCKET_NAME}
provider:
name: aws
runtime: nodejs6.10
stage: dev
region: us-east-1 # Lambda@Edge function must be us-east-1
environment:
WEBSITE_S3_BUCKET_NAME: ${env:WEBSITE_S3_BUCKET_NAME, 'sls-static-basic'}
plugins:
- serverless-plugin-cloudfront-lambda-edge
- serverless-s3-sync
custom:
s3Sync:
- bucketName: ${self:provider.environment.WEBSITE_S3_BUCKET_NAME}
localDir: src
package:
exclude:
- src/*
- test/*
- package.json
- README.md
functions:
basicAuth:
name: '${self:provider.environment.WEBSITE_S3_BUCKET_NAME}-viewer-request'
handler: handler.basicAuth
memorySize: 128
timeout: 1
lambdaAtEdge:
distribution: WebsiteDistribution
eventType: 'viewer-request'
resources:
Resources:
WebsiteBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:provider.environment.WEBSITE_S3_BUCKET_NAME}
AccessControl: Private
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: error.html
WebsiteBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: { Ref: WebsiteBucket }
PolicyDocument:
Statement:
-
Action:
- "s3:GetObject"
Effect: Allow
Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { Ref : WebsiteBucket }, "/*" ] ] }
Principal:
AWS: { "Fn::Join" : [" ", ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity", { Ref: WebsiteOriginAccessIdentity } ] ] }
WebsiteOriginAccessIdentity:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: "CloudFrontOriginAccessIdentity for ${self:service}-${self:provider.stage}"
WebsiteDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
DefaultCacheBehavior:
AllowedMethods: [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ]
CachedMethods: [ "GET", "HEAD", "OPTIONS" ]
TargetOriginId: WebsiteBucketOrigin
ViewerProtocolPolicy: redirect-to-https
DefaultTTL: 0
MaxTTL: 0
MinTTL: 0
Compress: true
ForwardedValues:
QueryString: true
Cookies:
Forward: 'all'
CustomErrorResponses:
-
ErrorCode: '403'
ErrorCachingMinTTL: 1
-
ErrorCode: '404'
ErrorCachingMinTTL: 1
-
ErrorCode: '500'
ErrorCachingMinTTL: 1
-
ErrorCode: '502'
ErrorCachingMinTTL: 1
-
ErrorCode: '503'
ErrorCachingMinTTL: 1
-
ErrorCode: '504'
ErrorCachingMinTTL: 1
DefaultRootObject: 'index.html'
Enabled: true
PriceClass: 'PriceClass_100'
HttpVersion: 'http2'
ViewerCertificate:
CloudFrontDefaultCertificate: true
Origins:
-
Id: 'WebsiteBucketOrigin'
DomainName: { 'Fn::GetAtt': [ WebsiteBucket, DomainName ] }
S3OriginConfig:
OriginAccessIdentity: { "Fn::Join" : ["", ["origin-access-identity/cloudfront/", { Ref: WebsiteOriginAccessIdentity } ] ] }
Outputs:
WebsiteURL:
Value: { "Fn::Join" : ["", ["https://", { "Fn::GetAtt" : [ WebsiteDistribution, DomainName ] } ] ] }
Description: "URL for website via CloudFront"