feat: change cloudformation templates of cloudfront and codepipeline

Daisuke Nakahara 2025-05-14 21:25:42 +09:00
parent c352d43605
commit aa1f4a91bf
2 changed files with 46 additions and 11 deletions


@ -8,6 +8,26 @@ Parameters:
Resources: Resources:
AddIndexFunction:
Type: AWS::CloudFront::Function
Properties:
Name: "AddIndexFunction"
AutoPublish: true
FunctionConfig:
Comment: "Appends index.html for directory URIs"
Runtime: cloudfront-js-1.0
FunctionCode: |
function handler(event) {
var request = event.request;
var uri = request.uri;
if (uri.endsWith("/")) {
request.uri += "index.html";
} else if (uri === "") {
request.uri = "/index.html";
}
return request;
}
BlogOriginAccessControl: BlogOriginAccessControl:
Type: AWS::CloudFront::OriginAccessControl Type: AWS::CloudFront::OriginAccessControl
Properties: Properties:
@ -22,6 +42,7 @@ Resources:
Properties: Properties:
DistributionConfig: DistributionConfig:
Enabled: true Enabled: true
DefaultRootObject: index.html
Origins: Origins:
- Id: S3WebsiteOrigin - Id: S3WebsiteOrigin
DomainName: !Sub "${WebsiteBucketName}.s3.amazonaws.com" DomainName: !Sub "${WebsiteBucketName}.s3.amazonaws.com"
@ -40,10 +61,19 @@ Resources:
QueryString: false QueryString: false
Cookies: Cookies:
Forward: none Forward: none
FunctionAssociations:
- EventType: viewer-request
FunctionARN: !GetAtt AddIndexFunction.FunctionARN
Aliases: Aliases:
- blog.n-daisuke897.com - blog.n-daisuke897.com
ViewerCertificate: ViewerCertificate:
AcmCertificateArn: "arn:aws:acm:us-east-1:692859919890:certificate/4d3e8182-71e0-4ccb-a437-36523f61a6c0" AcmCertificateArn: !Sub "arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/4d3e8182-71e0-4ccb-a437-36523f61a6c0"
SslSupportMethod: sni-only SslSupportMethod: sni-only
MinimumProtocolVersion: TLSv1.2_2021 MinimumProtocolVersion: TLSv1.2_2021
PriceClass: PriceClass_200 PriceClass: PriceClass_200
Outputs:
IdBlogCloudFrontDistribution:
Value: !Ref BlogCloudFrontDistribution
Export:
Name: BlogCloudFrontDistribution-ID
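Review bot: The handler in `AddIndexFunction` only rewrites URIs that end in `/`, so a request for a directory without the trailing slash (for example `/posts/foo`) reaches S3 unchanged. Because the origin is the S3 REST endpoint (`${WebsiteBucketName}.s3.amazonaws.com`) rather than a website endpoint, S3 will not resolve an index document for that key, and the viewer is likely to get an AccessDenied error instead of the page. A branch such as `else if (!uri.includes(".")) { request.uri += "/index.html"; }` would cover that case. The `uri === ""` branch looks unreachable, since a viewer-request URI normally starts with `/`, and `DefaultRootObject` already handles the root.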


@ -12,14 +12,11 @@ Resources:
Type: AWS::S3::Bucket Type: AWS::S3::Bucket
Properties: Properties:
BucketName: !Ref BucketName BucketName: !Ref BucketName
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: error.html
PublicAccessBlockConfiguration: PublicAccessBlockConfiguration:
BlockPublicAcls: false BlockPublicAcls: true
BlockPublicPolicy: false BlockPublicPolicy: true
IgnorePublicAcls: false IgnorePublicAcls: true
RestrictPublicBuckets: false RestrictPublicBuckets: true
WebsiteBucketPolicy: WebsiteBucketPolicy:
Type: AWS::S3::BucketPolicy Type: AWS::S3::BucketPolicy
@ -36,12 +33,20 @@ Resources:
- s3:PutObject - s3:PutObject
- s3:DeleteObject - s3:DeleteObject
Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*" Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"
- Sid: PublicReadGetObject - Sid: AllowCloudFrontOACGetObject
Effect: Allow Effect: Allow
Principal: "*" Principal:
Service: cloudfront.amazonaws.com
Action: Action:
- s3:GetObject - s3:GetObject
Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*" Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"
Condition:
StringEquals:
AWS:SourceArn:
Fn::Sub:
- arn:aws:cloudfront::${AWS::AccountId}:distribution/${MyCloudFrontDistribution}
- MyCloudFrontDistribution:
Fn::ImportValue: BlogCloudFrontDistribution-ID
CodeBuildServiceRole: CodeBuildServiceRole:
Type: AWS::IAM::Role Type: AWS::IAM::Role
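Review bot: The `Condition` on `AllowCloudFrontOACGetObject` carries the whole access decision now that the principal is the `cloudfront.amazonaws.com` service, and nothing in the template says so. A comment above it, e.g. `# Restricts reads to this one distribution; without it any CloudFront distribution could read the bucket through the service principal`, would keep it from being dropped in a later cleanup. The `Fn::ImportValue` also means this stack can only be deployed after the CloudFront stack has exported `BlogCloudFrontDistribution-ID`, which is worth stating in the same comment. The statement granting `s3:PutObject`/`s3:DeleteObject` begins outside the hunk, so its principal cannot be checked here; with `BlockPublicPolicy: true` S3 will reject the policy if that statement is public.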