# Redirect stack: a CloudFront distribution whose viewer-request function
# answers every request for SourceDomain with a 301 to DestinationDomain.
# The format version stays quoted so it is read as a string, not a date.
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  CloudFormation template for root domain to subdomain redirection using
  CloudFront Functions
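Parameters:
  # Host name viewers arrive on. Used as the distribution alias, the
  # certificate name and the Route 53 record name.
  SourceDomain:
    Type: String
    Description: 'The domain name that users will initially access'

  # Redirect target. The value is substituted verbatim (via !Sub) into the
  # CloudFront Function's JavaScript source and ends up in the Location
  # header, so it is restricted to host-name characters plus an optional
  # port: a quote, backslash, slash or whitespace is rejected at deploy
  # time instead of altering the generated function code.
  DestinationDomain:
    Type: String
    AllowedPattern: '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:[0-9]{1,5})?$'
    ConstraintDescription: >-
      Must be a bare host name, optionally followed by :port
      (no scheme, path, quotes or spaces)
    Description: 'The domain name to which users will be redirected'

  # Zone used for ACM DNS validation and, when enabled, for the alias
  # records pointing SourceDomain at the distribution.
  HostedZoneId:
    Type: String
    Description: 'The ID of the hosted zone containing the DNS records for the source domain'

  # 'yes'/'no' stay quoted so they remain strings rather than booleans;
  # the Conditions section compares against the string 'yes'.
  CreateDNSRecords:
    Type: String
    AllowedValues:
      - 'yes'
      - 'no'
    Default: 'yes'
    Description: 'Specifies whether to create DNS records in Route 53'

  # Leave empty to let the stack request a certificate. CloudFront only
  # accepts ACM certificates issued in us-east-1, so an ARN from another
  # region will not attach to the distribution.
  ACMCertificateArn:
    Type: String
    Default: ''
    Description: 'The ARN of an existing ACM certificate. If not provided, one may be created'

  # NOTE(review): with ACMCertificateArn empty and this set to 'no', no
  # certificate is available for the distribution; that combination is
  # expected to fail at deploy time. Confirm and consider a Rules check.
  CreateACMCertificate:
    Type: String
    AllowedValues:
      - 'yes'
      - 'no'
    Default: 'yes'
    Description: 'Specifies whether to create a new ACM certificate if one is not provided'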
Conditions:
  # Route 53 alias records are created only when the caller opts in.
  CreateDNSRecordsCondition: !Equals
    - !Ref CreateDNSRecords
    - 'yes'

  # A non-empty ARN means the caller brings their own certificate.
  UseExistingCertificateCondition: !Not
    - !Equals
        - !Ref ACMCertificateArn
        - ''

  # Request a new certificate only when asked to AND no ARN was supplied.
  # NOTE(review): if no ARN is supplied and CreateACMCertificate is 'no',
  # both certificate conditions are false while the distribution still
  # refers to ACMCertificateResource; that deployment is expected to fail.
  CreateNewCertificateCondition: !And
    - !Equals
        - !Ref CreateACMCertificate
        - 'yes'
    - !Not
        - Condition: UseExistingCertificateCondition
Resources:
  # Viewer-request function: returns a 301 for every request, so the
  # request never reaches the cache or the origin.
  CloudFrontFunction:
    Type: AWS::CloudFront::Function
    Properties:
      # NOTE(review): the name is fixed; a second stack from this template
      # in the same account would presumably collide on it. Confirm.
      Name: RedirectFunction
      AutoPublish: true
      FunctionConfig:
        Comment: !Sub 'Redirects ${SourceDomain} to ${DestinationDomain}'
        Runtime: cloudfront-js-2.0
      # !Sub writes DestinationDomain into the JavaScript source at deploy
      # time, inside a single-quoted string literal. The value therefore
      # has to be a plain host name: a quote or backslash in it would
      # change the function's code. The redirect host is fixed and only
      # request.uri (the path) is appended, so the target host cannot be
      # chosen by the viewer; the query string is not carried over.
      FunctionCode: !Sub |
        function handler(event) {
          var request = event.request;
          var response = {
            statusCode: 301,
            statusDescription: 'Moved Permanently',
            headers: {
              location: { value: 'https://${DestinationDomain}' + request.uri }
            }
          };
          return response;
        }

  # Distribution that terminates TLS for SourceDomain and runs the
  # redirect function on every viewer request.
  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        HttpVersion: http2and3
        Comment: !Sub 'Redirect function distribution for ${SourceDomain} to ${DestinationDomain}'
        DefaultCacheBehavior:
          # Plain-HTTP viewers are moved to HTTPS.
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods:
            - GET
            - HEAD
          Compress: true
          TargetOriginId: dummy
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          FunctionAssociations:
            - EventType: viewer-request
              FunctionARN: !GetAtt CloudFrontFunction.FunctionARN
        # A distribution needs at least one origin; this one is a
        # placeholder that the function above short-circuits.
        # NOTE(review): if the function association were ever removed,
        # requests would be fetched from example.com over clear-text HTTP
        # (http-only). Consider https-only for the placeholder.
        Origins:
          - Id: dummy
            DomainName: example.com
            CustomOriginConfig:
              HTTPPort: 80
              HTTPSPort: 443
              OriginProtocolPolicy: http-only
        ViewerCertificate:
          # Caller-supplied ARN when given, otherwise the certificate
          # requested by this stack. If neither exists (no ARN and
          # CreateACMCertificate is 'no') the reference cannot resolve.
          AcmCertificateArn: !If
            - UseExistingCertificateCondition
            - !Ref ACMCertificateArn
            - !Ref ACMCertificateResource
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
        PriceClass: PriceClass_All
        Aliases:
          - !Ref SourceDomain

  # Certificate for SourceDomain, validated through DNS records in the
  # given hosted zone. It is created in the stack's own region, and
  # CloudFront only accepts ACM certificates from us-east-1, so the stack
  # has to be deployed there when it creates the certificate.
  ACMCertificateResource:
    Type: AWS::CertificateManager::Certificate
    Condition: CreateNewCertificateCondition
    Properties:
      DomainName: !Ref SourceDomain
      ValidationMethod: DNS
      DomainValidationOptions:
        - DomainName: !Ref SourceDomain
          HostedZoneId: !Ref HostedZoneId

  # IPv4 and IPv6 alias records pointing SourceDomain at the distribution.
  # Z2FDTNDATAQYW2 is the fixed hosted-zone ID AWS uses for CloudFront
  # alias targets; it is not the caller's zone.
  Route53RecordSetGroup:
    Type: AWS::Route53::RecordSetGroup
    Condition: CreateDNSRecordsCondition
    Properties:
      HostedZoneId: !Ref HostedZoneId
      RecordSets:
        - Name: !Ref SourceDomain
          Type: A
          AliasTarget:
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt CloudFrontDistribution.DomainName
        - Name: !Ref SourceDomain
          Type: AAAA
          AliasTarget:
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt CloudFrontDistribution.DomainName