serverless.yml
# Serverless Framework (v3) service definition for the analytics front end.
service: makingsense-analytics-front
frameworkVersion: '3'

provider:
  name: aws
  # Taken from --region; falls back to us-east-1 when the option is absent.
  region: ${opt:region, 'us-east-1'}
  stackName: ${self:custom.resources.prefix}-Front-End
  deploymentMethod: direct
  # Bucket holding the deployment artifacts: encrypted at rest (SSE-S3) and
  # with public access blocked.
  deploymentBucket:
    name: serverless-ms-analytics-${self:custom.stage}-${self:provider.region}
    serverSideEncryption: AES256
    blockPublicAccess: true
custom:
  # Taken from --stage; falls back to 'develop'. The stage is interpolated
  # into bucket names, the stack name and the exported output names.
  stage: ${opt:stage, 'develop'}
  resources:
    prefix: makingsense-analytics-${self:custom.stage}
  # serverless-s3-sync: upload the local build/ directory to the site bucket.
  # The name must stay identical to the StaticSite BucketName further down.
  s3Sync:
    - bucketName: serverless-ms-analytics-front-${self:custom.stage}
      localDir: build
      defaultContentType: text/html
  # serverless-cloudfront-invalidate: invalidate every path on the
  # distribution whose id is published as the CDNDistributionId stack output.
  cloudfrontInvalidate:
    - distributionIdKey: CDNDistributionId
      items:
        - '/*'
# Plugins that read custom.s3Sync and custom.cloudfrontInvalidate.
# NOTE(review): plugin versions are not pinned here; presumably they come from
# the project's package manifest and lockfile. Confirm they are pinned there,
# since plugins run with the deployer's AWS credentials.
plugins:
  - serverless-s3-sync
  - serverless-cloudfront-invalidate
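# CloudFormation resources: a private S3 bucket whose objects are readable
# only by a CloudFront Origin Access Identity (OAI), fronted by a CloudFront
# distribution that serves the single-page app over HTTPS.
resources:
  Resources:
    # Identity CloudFront uses when it fetches objects from the bucket.
    OriginAccessIdentity:
      Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
      Properties:
        CloudFrontOriginAccessIdentityConfig:
          Comment: 'Access S3 bucket content only through CloudFront'

    CloudFrontDistribution:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Comment: 'MS-Analytics Front ${self:custom.stage}'
          DefaultCacheBehavior:
            # Read-only methods; no write methods are accepted from viewers.
            AllowedMethods:
              - HEAD
              - GET
              - OPTIONS
            TargetOriginId: frontS3
            Compress: true
            DefaultTTL: 3600
            MaxTTL: 43200
            # Neither query strings nor cookies are forwarded to the origin.
            ForwardedValues:
              QueryString: false
              Cookies:
                Forward: none
            # Plain-HTTP viewer requests are redirected to HTTPS.
            # NOTE(review): no ResponseHeadersPolicyId is set, so CloudFront
            # adds no security headers (HSTS, X-Content-Type-Options, CSP).
            # Consider attaching a response headers policy.
            ViewerProtocolPolicy: redirect-to-https
          Enabled: true
          DefaultRootObject: index.html
          HttpVersion: 'http2and3'
          IPV6Enabled: false
          # Default *.cloudfront.net certificate. The minimum viewer TLS
          # version can only be raised (MinimumProtocolVersion) once a custom
          # certificate and domain are configured.
          ViewerCertificate:
            CloudFrontDefaultCertificate: true
          # NOTE(review): no Logging block is configured, so there are no
          # CloudFront access logs for detection or incident response.
          Origins:
            - Id: frontS3
              # Derived from the bucket resource instead of a hand-built
              # '<name>.s3.amazonaws.com' string: the origin can never drift
              # to a bucket name this stack does not own, and the regional
              # endpoint is correct for every value of --region.
              DomainName: !GetAtt StaticSite.RegionalDomainName
              S3OriginConfig:
                OriginAccessIdentity:
                  !Join ['/', ['origin-access-identity/cloudfront', !Ref OriginAccessIdentity]]
          # SPA fallback: origin 404 and 403 are rewritten to 200 + index.html.
          # The OAI is granted only s3:GetObject, so S3 answers 403 for missing
          # keys. Genuine access-denied errors are masked the same way, so
          # watch origin errors in logs rather than viewer status codes.
          CustomErrorResponses:
            - ErrorCode: 404
              ResponseCode: 200
              ResponsePagePath: /index.html
            - ErrorCode: 403
              ResponseCode: 200
              ResponsePagePath: /index.html

    # Grants object reads to the OAI only; no other principal is allowed.
    WebsiteBucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket:
          Ref: StaticSite
        PolicyDocument:
          Statement:
            - Sid: 'CloudFront'
              Action:
                - 's3:GetObject'
              Effect: Allow
              Resource:
                Fn::Join:
                  - ''
                  - - 'arn:aws:s3:::'
                    - Ref: StaticSite
                    - '/*'
              Principal:
                # The OAI's IAM principal ARN ends in the literal text
                # 'CloudFront Origin Access Identity <id>', hence the
                # single-space join.
                AWS:
                  Fn::Join:
                    - ' '
                    - - 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity'
                      - Ref: OriginAccessIdentity

    StaticSite:
      Type: AWS::S3::Bucket
      Properties:
        AccessControl: Private
        BucketName: 'serverless-ms-analytics-front-${self:custom.stage}'
        # Enforce "private" at the bucket level as well, so that a later ACL
        # or policy change cannot expose objects directly. The OAI statement
        # in WebsiteBucketPolicy names a specific principal and is unaffected.
        PublicAccessBlockConfiguration:
          BlockPublicAcls: true
          BlockPublicPolicy: true
          IgnorePublicAcls: true
          RestrictPublicBuckets: true
        BucketEncryption:
          ServerSideEncryptionConfiguration:
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: AES256
        # NOTE(review): any origin may read objects cross-origin (GET/HEAD).
        # Fine for public static assets; narrow AllowedOrigins to the site's
        # own origin(s) if that ever stops being true.
        CorsConfiguration:
          CorsRules:
            - AllowedHeaders:
                - '*'
              AllowedMethods:
                - GET
                - HEAD
              AllowedOrigins:
                - '*'
              ExposedHeaders:
                - ETag
              MaxAge: 3600
        # NOTE(review): the distribution reaches this bucket through
        # S3OriginConfig (the REST endpoint), not the website endpoint, so
        # these website settings are presumably not what serves viewers; the
        # SPA fallback is done by CustomErrorResponses. Confirm before relying
        # on the routing rules.
        WebsiteConfiguration:
          IndexDocument: index.html
          ErrorDocument: index.html
          RoutingRules:
            - RedirectRule:
                ReplaceKeyWith: '/index.html'
              RoutingRuleCondition:
                KeyPrefixEquals: '/'
            - RedirectRule:
                ReplaceKeyWith: '/index.html'
              RoutingRuleCondition:
                KeyPrefixEquals: '/logout'
            - RedirectRule:
                ReplaceKeyWith: '/index.html'
              RoutingRuleCondition:
                KeyPrefixEquals: '/not-found'

  Outputs:
    # CloudFront URL
    WebsiteURL:
      Description: 'MS-Analytics CloudFront URL-${self:custom.stage}'
      Value:
        Fn::Join:
          - ''
          - - 'https://'
            - Fn::GetAtt: [CloudFrontDistribution, DomainName]
      Export:
        Name: 'ms-analytics-${self:custom.stage}-front-URL'
    # Distribution id; read by the cloudfrontInvalidate plugin configuration
    # through distributionIdKey.
    CDNDistributionId:
      Description: 'analytics CloudFront ID-${self:custom.stage}'
      Value:
        Ref: CloudFrontDistribution
      Export:
        Name: 'ms-analytics-${self:custom.stage}-front-ID'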