---
AWSTemplateFormatVersion: 2010-09-09

Description: Reference Architecture to host Moodle on AWS - Creates CloudFront distribution (if selected)

Metadata:

  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: AWS Parameters
      Parameters:
        - CloudFrontAcmCertificate
        - DomainName
        - PublicAlbDnsName
    ParameterLabels:
      CloudFrontAcmCertificate:
        default: CloudFront Certificate ARN
      PublicAlbDnsName:
        default: Public ALB DNS Name
      DomainName:
        default: Domain name of the Moodle site

Parameters:

  CloudFrontAcmCertificate:
    AllowedPattern: ^$|(arn:aws:acm:)([a-z0-9/:-])*([a-z0-9])$
    Description: '[ Optional ] The AWS Certification Manager certificate ARN for the CloudFront distribution certificate - this certificate should be created in the us-east-1 (N. Virginia) region and must reference the Moodle domain name you use below.'
    Type: String
  PublicAlbDnsName:
    Description: The public application load balancer dns name.
    Type: String
  DomainName:
    AllowedPattern: ^$|(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
    Description: '[ Optional ] The main domain name of the Moodle site (e.g. moodle.example.edu).'
    Type: String

Conditions:

  SslCertificate:
    !Not [ !Equals [ '', !Ref CloudFrontAcmCertificate ] ]
  NoSslCertificate:
    !Equals [ '', !Ref CloudFrontAcmCertificate ]
  DomainName:
    !Not [ !Equals [ '', !Ref DomainName ] ]  
  NoDomainName:
    !Equals [ '', !Ref DomainName ]

Resources:

  CloudFrontDistributionNoSslCertificate:
    Type: AWS::CloudFront::Distribution
    Condition: NoSslCertificate
    Properties:
      DistributionConfig:
        Comment: !Ref 'AWS::StackName'
        DefaultCacheBehavior:
          AllowedMethods:
          - DELETE
          - GET
          - HEAD
          - OPTIONS
          - PATCH
          - POST
          - PUT
          DefaultTTL: 0
          MaxTTL: 0
          MinTTL: 0
          ForwardedValues:
            QueryString: true
            Headers:
            - '*'
            Cookies:
              Forward: all
          TargetOriginId: alb
          ViewerProtocolPolicy: redirect-to-https
          Compress: true
        Enabled: true
        Origins:
        - DomainName: !Ref PublicAlbDnsName
          Id: alb
          CustomOriginConfig:
            OriginProtocolPolicy: http-only
        PriceClass: PriceClass_All
        HttpVersion: http2and3
        ViewerCertificate:
          CloudFrontDefaultCertificate: true

  CloudFrontDistributionSslCertificate:
    Type: AWS::CloudFront::Distribution
    Condition: SslCertificate
    Properties:
      DistributionConfig:
        Aliases:
        - !If [ DomainName, !Ref DomainName, !Ref 'AWS::NoValue' ]
        Comment: !Ref 'AWS::StackName'
        DefaultCacheBehavior:
          AllowedMethods:
          - DELETE
          - GET
          - HEAD
          - OPTIONS
          - PATCH
          - POST
          - PUT
          DefaultTTL: 0
          MaxTTL: 0
          MinTTL: 0
          ForwardedValues:
            QueryString: true
            Headers:
            - '*'
            Cookies:
              Forward: all
          TargetOriginId: alb
          ViewerProtocolPolicy: redirect-to-https
          Compress: true
        Enabled: true
        Origins:
        - DomainName: !Ref PublicAlbDnsName
          Id: alb
          CustomOriginConfig:
            OriginProtocolPolicy: http-only
        PriceClass: PriceClass_All
        HttpVersion: http2and3
        ViewerCertificate:
          AcmCertificateArn: !Ref CloudFrontAcmCertificate
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2019

Outputs:

  DnsName:
    Value: !If [ NoSslCertificate, !GetAtt CloudFrontDistributionNoSslCertificate.DomainName, !GetAtt CloudFrontDistributionSslCertificate.DomainName ]