###
# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License Version 2.0 (the 'License').
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
#         http://www.apache.org/licenses/
#
# or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
##

AWSTemplateFormatVersion: 2010-09-09
Description: Amazon Connect VM Portal Stack
Parameters:
  DefaultRoot:
    Description: 'The default path for the index document.'
    Type: String
    Default: 'index.html'
  ErrorPage:
    Description: 'The path of the error page for the website.'
    Type: String
    Default: 'error.html'

Resources:
  PortalBucket:
    Type: AWS::S3::Bucket
    Properties:
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerPreferred
      PublicAccessBlockConfiguration:
        BlockPublicAcls: True
        BlockPublicPolicy: True
        IgnorePublicAcls: True
        RestrictPublicBuckets: True
      WebsiteConfiguration:
        IndexDocument: !Ref DefaultRoot
        ErrorDocument: !Ref ErrorPage
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Ref PortalBucket
  PortalBucketReadPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref PortalBucket
      PolicyDocument:
        Statement:
          - Action: 's3:GetObject'
            Effect: Allow
            Resource: !Sub 'arn:aws:s3:::${PortalBucket}/*'
            Principal:
              CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId
  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        DefaultRootObject: !Sub '/${DefaultRoot}'
        Enabled: true
        HttpVersion: http2
        Origins:
          - DomainName: !GetAtt PortalBucket.DomainName
            Id: s3origin
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}'
        PriceClass: PriceClass_All
        CustomErrorResponses:
          - ErrorCode: 403
            ResponseCode: 200
            ResponsePagePath: !Sub '/${DefaultRoot}'
          - ErrorCode: 404
            ResponseCode: 200
            ResponsePagePath: !Sub '/${DefaultRoot}'
        DefaultCacheBehavior:
          AllowedMethods:
            - GET
            - HEAD
            - OPTIONS
          CachedMethods:
            - GET
            - HEAD
            - OPTIONS
          Compress: true
          DefaultTTL: 3600
          ForwardedValues:
            Cookies:
              Forward: none
            QueryString: false
          MaxTTL: 86400
          MinTTL: 60
          TargetOriginId: s3origin
          ViewerProtocolPolicy: 'redirect-to-https'

Outputs:
  DefaultRoot:
    Value: !Ref DefaultRoot
  ErrorPage:
    Value: !Ref ErrorPage
  PortalBucketName:
    Value: !Ref PortalBucket
  PortalBucketRegion:
    Value: !Ref "AWS::Region"
  DistributionId:
    Value: !Ref CloudFrontDistribution
  DistributionDomainName:
    Value: !GetAtt CloudFrontDistribution.DomainName