Make region limitation more clear #50

Merged
merged 2 commits into from
Jan 20, 2022
13 changes: 8 additions & 5 deletions README.md
Expand Up @@ -53,6 +53,9 @@ For more information, see [Mozilla’s web security guidelines](https://infosec.
You must have a registered domain name, such as example.com, and point it to a Route 53 hosted zone in the same AWS account in which you deploy this solution. For more information, see [Configuring Amazon Route 53 as your DNS service](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring.html).

## Deploy the solution

> :⚠️ This template can only be deployed in the `us-east-1` region

To deploy the solution, you use [AWS CloudFormation](https://aws.amazon.com/cloudformation). You can use the CloudFormation console, or download the CloudFormation template to deploy it on your own.

> **Note:** You must have IAM permissions to launch CloudFormation templates that create IAM roles, and to create all the AWS resources in the solution. Also, you are responsible for the cost of the AWS services used while running this solution. For more information about costs, see the pricing pages for each AWS service.
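Review bot: The new callout under "## Deploy the solution" states the restriction but not the reason, and its `> :⚠️` marker does not match the `> **Note:**` style used two paragraphs further down in the same section. Suggest wording it as a `> **Note:**` line that also says the ACM certificate must be created in us-east-1, so the README gives the same explanation as the AssertDescription this PR adds in templates/main.yaml.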
Expand All @@ -72,14 +75,14 @@ To deploy the solution, you use [AWS CloudFormation](https://aws.amazon.com/clou

- **SubDomain:** The subdomain for your registered domain name. Viewers use the subdomain to access your website, for example: www.example.com. We recommend using the default value of **www** as the subdomain.
- **DomainName:** Your registered domain name, such as example.com. This domain must be pointed to a Route 53 hosted zone.
- **HostedZoneId** The Route 53 Hosted Zone Id containing the domain being used.
- **HostedZoneId** The Route 53 Hosted Zone Id containing the domain being used.
- **CreateApex:** Optionally create an Alias to the domain apex (example.com) in your CloudFront configuration. Default is [no]

After entering values, choose the **Next** button.
5. On the **Configure stack options** page, you can optionally [add tags and other stack options](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-add-tags.html). When finished, choose the **Next** button.
6. On the **Review** page, you must scroll down and check the two boxes in the **Capabilities** section:

- **I acknowledge that AWS CloudFormation might create IAM resources with custom names.**
- **I acknowledge that AWS CloudFormation might create IAM resources with custom names.**
- **I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND**

These capabilities allow CloudFormation to create an IAM role that allows access
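Review bot: The **HostedZoneId** bullet is touched in this hunk but still lacks the colon after its label that the sibling bullets have (**SubDomain:**, **DomainName:**, **CreateApex:**). Since the line is being changed anyway, make it `- **HostedZoneId:** The Route 53 Hosted Zone Id containing the domain being used.` The removed and added lines here read identically as shown, so these look like whitespace-only edits; they are unrelated to the region limitation and would be easier to review in a separate commit.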
Expand All @@ -104,7 +107,7 @@ To download the CloudFormation template to deploy on your own, for example by [u
https://s3.amazonaws.com/solution-builders-us-east-1/amazon-cloudfront-secure-static-site/latest/main.yaml

## Customizing the Solution
### Update the website content locally
### Update the website content locally

**To customize the website with your own content before deploying the solution**

Expand Down Expand Up @@ -141,7 +144,7 @@ https://s3.amazonaws.com/solution-builders-us-east-1/amazon-cloudfront-secure-st
--capabilities CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
--parameter-overrides DomainName=<your domain name> SubDomain=<your website subdomain> HostedZoneId=<hosted zone id>
```

8. [Optional] Run the following command to deploy the packaged CloudFormation template to a CloudFormation stack with a domain apex.

```shell
Expand All @@ -157,7 +160,7 @@ https://s3.amazonaws.com/solution-builders-us-east-1/amazon-cloudfront-secure-st

To change the Content Security Policy of the site:

1. Make your changes to the header values by editing `source/secured-headers/index.js`.
1. Make your changes to the header values by editing `source/secured-headers/index.js`.
1. Deploy the solution by following the steps in [Update the website content locally](#update-the-website-content-locally)


11 changes: 11 additions & 0 deletions templates/main.yaml
Expand Up @@ -15,6 +15,17 @@ Mappings:
Constants:
Version: 'v0.7'

Rules:
OnlyUsEast1:
Assertions:
- Assert:
Fn::Equals:
- !Ref AWS::Region
- us-east-1
AssertDescription: |
This template can only be deployed in the us-east-1 region.
This is because the ACM Certificate must be created in us-east-1

Parameters:
SubDomain:
Description: The part of a website address before your DomainName - e.g. www or img
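Review bot: In the `OnlyUsEast1` rule, `AssertDescription` is written as a literal block scalar (`|`), so the failure message reaches the user with a hard line break in the middle and a trailing newline, and its second sentence has no closing period. A folded scalar (`>-`) or a single quoted line would give one clean message. The description could also say that the certificate is the one used by the CloudFront distribution, which is the reason a reader is most likely to look for when the assertion fails. A short YAML comment above `Rules:` pointing to the README note would keep the two statements of the restriction in sync.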