AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: WebSiteBucket: Type: AWS::S3::Bucket DeletionPolicy: Retain Properties: BucketName: Fn::Join: - '-' - - aws - Ref: AWS::Region - Ref: AWS::AccountId - Ref: AWS::StackName - website WebsiteConfiguration: IndexDocument: index.html ErrorDocument: index.html WebSiteBucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: Ref: WebSiteBucket PolicyDocument: Statement: - Sid: AllowOriginAccessIdentityToGetObj Action: s3:GetObject Effect: Allow Resource: - Fn::Join: - '' - - Fn::GetAtt: - WebSiteBucket - Arn - /* Principal: AWS: - Fn::Join: - '' - - 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ' - Ref: OriginAccessIdentity OriginAccessIdentity: Type: AWS::CloudFront::CloudFrontOriginAccessIdentity Properties: CloudFrontOriginAccessIdentityConfig: Comment: For accessing ApplicationBucket WebsiteCDN: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Comment: CDN for S3-backed website Origins: - Id: s3-origin DomainName: Fn::GetAtt: - WebSiteBucket - DomainName S3OriginConfig: OriginAccessIdentity: Fn::Join: - '' - - origin-access-identity/cloudfront/ - Ref: OriginAccessIdentity Enabled: 'true' DefaultCacheBehavior: ForwardedValues: QueryString: 'true' TargetOriginId: s3-origin ViewerProtocolPolicy: redirect-to-https DefaultTTL: 0 MinTTL: 0 MaxTTL: 0 DefaultRootObject: index.html ViewerCertificate: CloudFrontDefaultCertificate: 'true' CustomErrorResponses: - ErrorCachingMinTTL: 0 ErrorCode: 403 ResponseCode: 200 ResponsePagePath: /index.html Outputs: WebSiteBucket: Value: Ref: WebSiteBucket DistributionId: Value: Ref: WebsiteCDN CloudFrontUrl: Value: Fn::GetAtt: - WebsiteCDN - DomainName