AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: ############################################### ######### Web Site bucket ##################### ############################################## WebSiteBucket: Type: 'AWS::S3::Bucket' DeletionPolicy: Retain Properties: BucketName: !Join ['-', [aws, !Ref 'AWS::Region', !Ref 'AWS::AccountId', !Ref 'AWS::StackName', 'website']] WebsiteConfiguration: IndexDocument: 'index.html' ErrorDocument: 'index.html' WebSiteBucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: Ref: WebSiteBucket PolicyDocument: Statement: - Sid: AllowOriginAccessIdentityToGetObj Action: "s3:GetObject" Effect: Allow Resource: - !Join ["", [!GetAtt WebSiteBucket.Arn, "/*"]] Principal: AWS: - !Join ["", ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ", !Ref OriginAccessIdentity]] ############################################### ######### CloudFront ##################### ############################################## OriginAccessIdentity: Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity' Properties: CloudFrontOriginAccessIdentityConfig: Comment: "For accessing ApplicationBucket" WebsiteCDN: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Comment: CDN for S3-backed website Origins: - Id: s3-origin DomainName: !GetAtt WebSiteBucket.DomainName S3OriginConfig: OriginAccessIdentity: !Join ["", ["origin-access-identity/cloudfront/", !Ref OriginAccessIdentity]] Enabled: 'true' DefaultCacheBehavior: ForwardedValues: QueryString: 'true' TargetOriginId: s3-origin ViewerProtocolPolicy: redirect-to-https DefaultTTL: 0 MinTTL: 0 MaxTTL: 0 DefaultRootObject: index.html ViewerCertificate: CloudFrontDefaultCertificate: 'true' CustomErrorResponses: - ErrorCachingMinTTL: 0 ErrorCode: 403 ResponseCode: 200 ResponsePagePath: '/index.html' Outputs: WebSiteBucket: Value: !Ref WebSiteBucket DistributionId: Value: !Ref WebsiteCDN CloudFrontUrl: Value: !GetAtt WebsiteCDN.DomainName