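AWSTemplateFormatVersion: "2010-09-09"
Description: Cloudfront + Lambda@edge deployment stack.
Transform: AWS::Serverless-2016-10-31

# Deploy this stack in us-east-1: CloudFront can only associate Lambda@Edge
# functions that are published there, and LambdaEdgeFunction.Version below is
# the ARN CloudFront is given.

Parameters:
  CdnCertificateArn:
    Type: String
    Description: ARN of the wildcard certificate for source domain
  DestinationDomain:
    Type: String
    Description: The Domain of the destination to redirect requests
  EnableLogs:
    Type: String
    Description: Lambda@Edge creates logs in multiple locations based on traffic. Switch to enable/disable logs
    # Quoted so the YAML parser keeps the string values the condition compares against.
    AllowedValues:
      - "true"
      - "false"
    Default: "true"
  StatusCode:
    Type: Number
    Description: The status code of the redirect
    AllowedValues:
      - 301
      - 302
    Default: 301
  ZoneName:
    Type: String
    Description: Source zone name
  ZoneSubdomain:
    Type: String
    Description: Source zone subdomain

Conditions:
  # True when the EnableLogs parameter is the string "true".
  LogsEnabled: !Equals [!Ref EnableLogs, "true"]

Resources:
  CFDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: "true"
        Comment: !Sub "${ZoneSubdomain}.${ZoneName} - Automatic Redirect using Lambda@Edge"
        # Both the subdomain and the zone apex are served by this distribution;
        # CdnCertificateArn must cover both names.
        Aliases:
          - !Join [".", [!Ref ZoneSubdomain, !Ref ZoneName]]
          - !Ref ZoneName
        Origins:
          # Placeholder origin: the origin-request function is expected to
          # answer with the redirect before this host is contacted
          # (NOTE(review): confirm against ./redirect-handler).
          - Id: MyOrigin
            DomainName: aws.amazon.com
            CustomOriginConfig:
              HTTPPort: 80
              OriginProtocolPolicy: match-viewer
            # Redirect settings are passed to the function as custom origin headers.
            OriginCustomHeaders:
              - HeaderName: "x-env-statuscode"
                HeaderValue: !Ref StatusCode
              - HeaderName: "x-env-destination"
                HeaderValue: !Ref DestinationDomain
              - HeaderName: "x-env-source"
                HeaderValue: !Join [".", [!Ref ZoneSubdomain, !Ref ZoneName]]
        DefaultCacheBehavior:
          TargetOriginId: MyOrigin
          LambdaFunctionAssociations:
            - EventType: origin-request
              # AutoPublishAlias on the function makes the versioned ARN available.
              LambdaFunctionARN: !Ref LambdaEdgeFunction.Version
          ForwardedValues:
            QueryString: "true"
            Headers:
              - Origin
              - Host
            Cookies:
              Forward: none
          ViewerProtocolPolicy: redirect-to-https
        ViewerCertificate:
          AcmCertificateArn: !Ref CdnCertificateArn
          MinimumProtocolVersion: TLSv1.2_2021
          SslSupportMethod: sni-only

  LambdaEdgeFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./redirect-handler
      AutoPublishAlias: live
      EventInvokeConfig:
        MaximumEventAgeInSeconds: 21600
        MaximumRetryAttempts: 2
      Handler: index.handler
      # An explicit Role is used; SAM ignores the function-level Policies
      # property when Role is set, so the logging policy lives on the role below.
      Role: !GetAtt LambdaEdgeFunctionRole.Arn
      Runtime: nodejs20.x
      Timeout: 5
      PackageType: Zip

  LambdaEdgeFunctionRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      # Broad logging grant; the explicit Deny in the inline policy below
      # overrides it when EnableLogs is "false".
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: "AllowLambdaServiceToAssumeRole"
            Effect: "Allow"
            Action:
              - "sts:AssumeRole"
            Principal:
              Service:
                - "lambda.amazonaws.com"
                - "edgelambda.amazonaws.com"
      Policies:
        # Logging permissions toggled by EnableLogs. Region is wildcarded
        # because Lambda@Edge runs, and logs, in the region closest to the viewer.
        - PolicyName: LambdaEdgeLogging
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: !If [LogsEnabled, "Allow", "Deny"]
                Action:
                  - logs:CreateLogGroup
                Resource: !Sub arn:aws:logs:*:${AWS::AccountId}:*
              - Effect: !If [LogsEnabled, "Allow", "Deny"]
                Action:
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - !Sub arn:aws:logs:*:${AWS::AccountId}:log-group:/aws/lambda/*:*

  # subdomain.zone -> CloudFront (CNAME).
  CloudFrontDNS:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Join ["", [!Ref ZoneName, .]]
      Name: !Join ["", [!Ref ZoneSubdomain, ., !Ref ZoneName, .]]
      Type: CNAME
      TTL: "3600"
      ResourceRecords:
        - !GetAtt CFDistribution.DomainName

  # Zone apex -> CloudFront (alias A record; apex cannot be a CNAME).
  CloudFrontDNSBase:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneName: !Join ["", [!Ref ZoneName, .]]
      Name: !Join ["", [!Ref ZoneName, .]]
      Type: A
      AliasTarget:
        # Fixed hosted zone ID used for all CloudFront distributions.
        HostedZoneId: Z2FDTNDATAQYW2
        DNSName: !GetAtt CFDistribution.DomainName

Outputs:
  LambdaEdgeFunctionVersion:
    Description: Lambda@Edge Sample Function ARN with Version
    Value: !Ref LambdaEdgeFunction.Version
  CFDistribution:
    Description: Cloudfront Distribution Domain Name
    Value: !GetAtt CFDistribution.DomainName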