# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
  Template to deploy CloudFront and S3 bucket for UI code
Resources:
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: "Origin Access Identity for both CloudFront Distributions"
  AdminAppBucket:  
    Type: AWS::S3::Bucket
    DeletionPolicy : Retain
    Properties:
      PublicAccessBlockConfiguration: 
        BlockPublicAcls: True
        BlockPublicPolicy: True
        IgnorePublicAcls: True
        RestrictPublicBuckets: True
  AdminAppSiteReadPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AdminAppBucket
      PolicyDocument:
        Statement:
        - Action: 's3:GetObject'
          Effect: Allow
          Resource: !Sub 'arn:aws:s3:::${AdminAppBucket}/*'
          Principal:
            CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
  AdminAppSite:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        #Aliases: 
         # - !Sub 'admin.${CustomDomainName}'
        CustomErrorResponses:
        # Needed to support angular routing
        - ErrorCode: 403 
          ResponseCode: 200
          ResponsePagePath: '/index.html'
        - ErrorCode: 404
          ResponseCode: 200
          ResponsePagePath: '/index.html'
        DefaultCacheBehavior:
          AllowedMethods:
          - GET
          - HEAD
          - OPTIONS
          CachedMethods:
          - GET
          - HEAD
          - OPTIONS
          Compress: true
          DefaultTTL: 3600 # in seconds
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          MaxTTL: 86400 # in seconds
          MinTTL: 60 # in seconds
          TargetOriginId: adminapp-s3origin
          ViewerProtocolPolicy: 'allow-all'
        DefaultRootObject: 'index.html'
        Enabled: true
        HttpVersion: http2
        Origins:
        - DomainName: !GetAtt AdminAppBucket.RegionalDomainName
          Id: adminapp-s3origin
          S3OriginConfig:
            OriginAccessIdentity: !Join ["", ["origin-access-identity/cloudfront/", !Ref CloudFrontOriginAccessIdentity]] 
        PriceClass: 'PriceClass_All'     
Outputs:
  AdminBucket:
    Description: The name of the S3 Bucket for uploading the Admin Management site to
    Value: !Ref AdminAppBucket
  AdminAppSite:
    Description: The name of the CloudFront url for the Admin Management site
    Value: !GetAtt AdminAppSite.DomainName