# CloudFormation template: a CloudFront distribution for blog.n-daisuke897.com
# that serves objects from an S3 bucket through an Origin Access Control (OAC),
# plus a viewer-request CloudFront Function that rewrites trailing-slash URIs
# to ".../index.html".
AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  # Name of the origin bucket. No AWS::S3::Bucket or bucket policy resource is
  # declared in this template, so the bucket is presumably managed elsewhere.
  WebsiteBucketName:
    Type: String
    Description: "The name for the S3 bucket to be used for public website hosting (must be globally unique)"
    Default: "naputo-blog-public"

Resources:
  # Viewer-request function. It appends "index.html" when the URI ends in "/"
  # and maps an empty URI to "/index.html". Any other URI, including an
  # extensionless path without a trailing slash, is passed through unchanged.
  AddIndexFunction:
    Type: AWS::CloudFront::Function
    Properties:
      Name: "AddIndexFunction"
      AutoPublish: true
      FunctionConfig:
        Comment: "Appends index.html for directory URIs"
        Runtime: cloudfront-js-1.0
      FunctionCode: |
        function handler(event) {
          var request = event.request;
          var uri = request.uri;
          if (uri.endsWith("/")) {
            request.uri += "index.html";
          } else if (uri === "") {
            request.uri = "/index.html";
          }
          return request;
        }

  # OAC: CloudFront signs every origin request with SigV4 ("always").
  # NOTE(review): signing alone does not restrict the bucket. The bucket policy
  # must allow the cloudfront.amazonaws.com service principal, scoped to this
  # distribution (AWS:SourceArn condition), and the bucket should not be
  # readable directly. That policy is not in this template; confirm it exists
  # where the bucket is defined.
  BlogOriginAccessControl:
    Type: AWS::CloudFront::OriginAccessControl
    Properties:
      OriginAccessControlConfig:
        Name: "MyBlogOAC"
        OriginAccessControlOriginType: s3
        SigningBehavior: always
        SigningProtocol: sigv4

  BlogCloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        DefaultRootObject: index.html
        # NOTE(review): no Logging block is set in this DistributionConfig, so
        # viewer access logs are not configured here; confirm logging is
        # enabled by other means if request records are needed for
        # investigations.
        Origins:
          - Id: S3WebsiteOrigin
            # S3 REST endpoint (S3OriginConfig), not the S3 website endpoint.
            # NOTE(review): this is the global endpoint form. AWS recommends
            # the regional form (<bucket>.s3.<region>.amazonaws.com) for
            # buckets outside us-east-1; confirm the bucket's region.
            DomainName: !Sub "${WebsiteBucketName}.s3.amazonaws.com"
            OriginAccessControlId: !Ref BlogOriginAccessControl
            # Empty on purpose: no legacy Origin Access Identity is set; the
            # OAC above is the access mechanism.
            S3OriginConfig: {}
        DefaultCacheBehavior:
          TargetOriginId: S3WebsiteOrigin
          # Plain-HTTP viewer requests are redirected to HTTPS.
          ViewerProtocolPolicy: redirect-to-https
          # Read-only: only GET and HEAD are accepted and cached.
          AllowedMethods:
            - GET
            - HEAD
          CachedMethods:
            - GET
            - HEAD
          # Query strings and cookies are not forwarded to the origin.
          # NOTE(review): ForwardedValues is the legacy form; a cache policy
          # (CachePolicyId) is the current replacement. Migrating may change
          # TTL/compression behaviour, so verify before switching.
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
          # NOTE(review): no ResponseHeadersPolicyId is attached, so this
          # behavior adds no security response headers (e.g.
          # Strict-Transport-Security, X-Content-Type-Options). Consider
          # attaching a response headers policy.
          FunctionAssociations:
            - EventType: viewer-request
              FunctionARN: !GetAtt AddIndexFunction.FunctionARN
        Aliases:
          - blog.n-daisuke897.com
        ViewerCertificate:
          # The ARN pins region us-east-1 (where CloudFront requires ACM
          # certificates to live) and a fixed certificate ID; the account ID
          # comes from the deploying account.
          AcmCertificateArn: !Sub "arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/4d3e8182-71e0-4ccb-a437-36523f61a6c0"
          SslSupportMethod: sni-only
          # Viewer-facing TLS security policy; TLS 1.2 is the minimum version.
          MinimumProtocolVersion: TLSv1.2_2021
        PriceClass: PriceClass_200

Outputs:
  # Exports the distribution ID for cross-stack import. Presumably used by the
  # stack that owns the bucket policy or by cache invalidation; verify against
  # the importing stacks.
  IdBlogCloudFrontDistribution:
    Value: !Ref BlogCloudFrontDistribution
    Export:
      Name: BlogCloudFrontDistribution-ID