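AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  Serverless website

# Static website: a private S3 bucket served through CloudFront.
# The bucket policy grants read access only to the distribution's
# origin access identity (OAI).
Resources:
  # Identity that CloudFront uses when it fetches objects from the bucket.
  # NOTE(review): OAI is the legacy mechanism; AWS recommends origin access
  # control (OAC) for new distributions. Migrating is a separate change.
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: 'Serverless website OA'

  CloudfrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Comment: 'Cloudfront distribution for serverless website'
        DefaultRootObject: index.html
        Enabled: true
        HttpVersion: http2
        # NOTE(review): no ViewerCertificate is set, so viewers get the
        # default *.cloudfront.net certificate. Choosing a stricter minimum
        # TLS version requires a custom certificate.
        # NOTE(review): no Logging block is configured, so the distribution
        # writes no standard access logs.
        # List of origins that CloudFront will connect to
        Origins:
          - Id: s3-website
            DomainName: !GetAtt S3Bucket.DomainName
            S3OriginConfig:
              # Restrict bucket access to this origin access identity
              OriginAccessIdentity:
                Fn::Sub: 'origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}'
        # Behaviours connect viewer requests to an origin
        DefaultCacheBehavior:
          # Compress resources automatically (gzip); a real boolean rather
          # than the quoted string 'true'
          Compress: true
          # Read-only methods: nothing can be written through the CDN
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          # ForwardedValues is the legacy way to set cache-key forwarding;
          # query strings are not forwarded to the origin
          ForwardedValues:
            QueryString: false
          TargetOriginId: s3-website
          # Plain-HTTP viewer requests are redirected to HTTPS
          ViewerProtocolPolicy: redirect-to-https

  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      # Change bucket name to reflect your website. The account id suffix
      # keeps the name distinct per account.
      BucketName: !Sub "hosting-ivs-manifest-clip${AWS::AccountId}"
      # Objects are meant to be reachable only through CloudFront, so block
      # every form of public ACL and public bucket policy. The OAI grant in
      # S3BucketPolicy names a specific principal and is not affected.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        # Explicit policy language version; omitting it falls back to the
        # older 2008-10-17 version
        Version: '2012-10-17'
        # Restrict access to CloudFront only: the single statement allows
        # s3:GetObject on the bucket's objects for the OAI principal
        Statement:
          - Effect: Allow
            Action: 's3:GetObject'
            Resource:
              - !Sub "arn:aws:s3:::${S3Bucket}/*"
            Principal:
              AWS: !Sub "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudFrontOriginAccessIdentity}"

Outputs:
  CloudfrontDistribution:
    Description: 'Amazon CloudFront Domain Name'
    Value: !Sub "https://${CloudfrontDistribution.DomainName}"
  S3Bucket:
    Description: 'S3 bucket'
    Value: !Ref S3Bucket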