forked from rolling-scopes-school/nodejs-aws-fe
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathserverless.yml
130 lines (120 loc) · 4.73 KB
/
serverless.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
service: fe-app-serverless
# app and org for use with dashboard.serverless.com
#app: your-app-name
#org: your-org-name
frameworkVersion: '2'
provider:
name: aws
runtime: nodejs12.x
#lambdaHashingVersion: 20201221
plugins:
- serverless-finch
- serverless-single-page-app-plugin
custom:
client:
bucketName: fe-app-bucket-second
distributionFolder: build
#serverless-single-page-app-plugin config
s3LocalPath: ${self:custom.client.distributionFolder}/
s3BucketName: ${self:custom.client.bucketName}
# you can add CloudFormation resource templates here
resources:
Resources:
## Specifying the S3 Bucket
WebAppS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.s3BucketName}
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: index.html
# VersioningConfiguration:
# Status: Enabled
## Specifying the policies to make sure all files inside the Bucket are avaialble to CloudFront
WebAppS3BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: WebAppS3Bucket
PolicyDocument:
Statement:
- Sid: 'AllowCloudFrontAccessIdentity'
Effect: Allow
Action: s3:GetObject
Resource: arn:aws:s3:::${self:custom.s3BucketName}/*
Principal:
AWS:
Fn::Join:
- ' '
- - 'arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity'
- !Ref OriginAccessIdentity
OriginAccessIdentity:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: Access identity between CloudFront and S3 bucket
## Specifying the CloudFront Distribution to server your Web Application
WebAppCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- DomainName: ${self:custom.s3BucketName}.s3.amazonaws.com
## An identifier for the origin which must be unique within the distribution
Id: myS3Origin
## In case you don't want to restrict the bucket access use CustomOriginConfig and remove S3OriginConfig
S3OriginConfig:
OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${OriginAccessIdentity}
# CustomOriginConfig:
# HTTPPort: 80
# HTTPSPort: 443
# OriginProtocolPolicy: https-only
Enabled: true
IPV6Enabled: true
HttpVersion: http2
## Uncomment the following section in case you are using a custom domain
# Aliases:
# - mysite.example.com
DefaultRootObject: index.html
## Since the Single Page App is taking care of the routing we need to make sure ever path is served with index.html
## The only exception are files that actually exist e.h. app.js, reset.css
CustomErrorResponses:
- ErrorCode: 404
ResponseCode: 200
ResponsePagePath: /index.html
DefaultCacheBehavior:
AllowedMethods: [ 'GET', 'HEAD', 'OPTIONS' ]
CachedMethods: [ 'GET', 'HEAD', 'OPTIONS' ]
ForwardedValues:
Headers:
- Access-Control-Request-Headers
- Access-Control-Request-Method
- Origin
- Authorization
## Defining if and how the QueryString and Cookies are forwarded to the origin which in this case is S3
QueryString: false
Cookies:
Forward: none
## The origin id defined above
TargetOriginId: myS3Origin
## The protocol that users can use to access the files in the origin. To allow HTTP use `allow-all`
ViewerProtocolPolicy: redirect-to-https
Compress: true
DefaultTTL: 0
## The certificate to use when viewers use HTTPS to request objects.
ViewerCertificate:
CloudFrontDefaultCertificate: 'true'
## Uncomment the following section in case you want to enable logging for CloudFront requests
# Logging:
# IncludeCookies: 'false'
# Bucket: mylogs.s3.amazonaws.com
# Prefix: myprefix
## In order to print out the hosted domain via `serverless info` we need to define the DomainName output for CloudFormation
Outputs:
WebAppS3BucketOutput:
Value:
'Ref': WebAppS3Bucket
WebAppCloudFrontDistributionOutput:
Value:
'Fn::GetAtt': [ WebAppCloudFrontDistribution, DomainName ]