--- AWSTemplateFormatVersion: 2010-09-09 Description: AWS SaaS Factory Bootcamp Web Client Parameters: BootcampBucket: Description: The S3 bucket with bootcamp resources Type: String WebsiteBucket: Description: The S3 bucket to host the web client from Type: String CodeBuildRoleArn: Description: The CodeBuild IAM role ARN Type: String LambdaCodeBuildStartBuildArn: Description: The Lambda function ARN to start a CodeBuild project Type: String ServiceUrl: Description: API Gateway endpoint URL in front of the microservices Type: String Resources: ConsoleOriginAccessIdentity: Type: AWS::CloudFront::CloudFrontOriginAccessIdentity Properties: CloudFrontOriginAccessIdentityConfig: Comment: !Sub access-identity-${WebsiteBucket} CloudFrontDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: DefaultRootObject: index.html Enabled: true IPV6Enabled: false HttpVersion: http2 Origins: - Id: !Sub S3-Website-${WebsiteBucket} DomainName: !Sub ${WebsiteBucket}.s3.${AWS::Region}.amazonaws.com S3OriginConfig: OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${ConsoleOriginAccessIdentity} CustomErrorResponses: - ErrorCode: 403 ResponseCode: 200 ResponsePagePath: /index.html DefaultCacheBehavior: AllowedMethods: - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT CachedMethods: - GET - HEAD - OPTIONS TargetOriginId: !Sub S3-Website-${WebsiteBucket} ViewerProtocolPolicy: redirect-to-https Compress: true ForwardedValues: Headers: - Origin - Access-Control-Request-Headers - Access-Control-Request-Method QueryString: false WebBucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: !Ref WebsiteBucket PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: CanonicalUser: !GetAtt ConsoleOriginAccessIdentity.S3CanonicalUserId Action: s3:GetObject Resource: !Sub arn:aws:s3:::${WebsiteBucket}/* - Effect: Deny Action: s3:* Principal: '*' Resource: - !Sub arn:aws:s3:::${WebsiteBucket}/* - !Sub arn:aws:s3:::${WebsiteBucket} Condition: Bool: {'aws:SecureTransport': false} CodeBuildLogs: Type: AWS::Logs::LogGroup Properties: LogGroupName: /aws/codebuild/saas-bootcamp-web-client RetentionInDays: 7 CodeBuildProject: Type: AWS::CodeBuild::Project Properties: Name: saas-bootcamp-web-client Tags: - Key: Name Value: saas-bootcamp-web-client ServiceRole: !Ref CodeBuildRoleArn TimeoutInMinutes: 10 Artifacts: Type: NO_ARTIFACTS Environment: ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0 Type: LINUX_CONTAINER EnvironmentVariables: - Name: BOOTCAMP_BUCKET Value: !Ref BootcampBucket - Name: WEBSITE_BUCKET Value: !Ref WebsiteBucket - Name: SERVICE_URL Value: !Ref ServiceUrl Source: Type: NO_SOURCE BuildSpec: | version: 0.2 phases: pre_build: commands: - n 16 - aws s3 cp --recursive s3://$BOOTCAMP_BUCKET/source/web-client ./web-client - sed -i -e "s#DOMAIN_URL#$SERVICE_URL#g" ./web-client/app/scripts/constants.js build: commands: - cd web-client - npm install - npm install grunt-cli - ./node_modules/bower/bin/bower install --allow-root - ./node_modules/grunt-cli/bin/grunt build - cd ../ post_build: commands: - aws s3 sync --delete --cache-control no-store ./web-client/dist/ s3://$WEBSITE_BUCKET/ InvokeLambdaCodeBuildStartBuild: Type: Custom::CustomResource DependsOn: - CodeBuildProject Properties: ServiceToken: !Ref LambdaCodeBuildStartBuildArn Project: saas-bootcamp-web-client Outputs: WebAppUrl: Description: Web application URL Value: !Sub https://${CloudFrontDistribution.DomainName} ...