iDVB · April 24, 2020 17:15 · Apr 24, 2020
diff --git a/_redirects b/_redirects
@@ -0,0 +1,32 @@
+# Place this file in the route of your S3 bucket
+# https://www.npmjs.com/package/middy-reroute
+
+# Redirect with 301
+/home           /
+/google         https://www.google.com
+
+# Redirect with 302
+/my-redirect    /             302
+
+# Rewrite a path
+/pass-through   /index.html   200
+/*              /index.html   200
+
+# Custom 404
+/ecommerce      /closed       404
+
+# Placeholders
+/news/:year/:month/:date/:slug    /blog/:date/:month/:year/:slug
+
+# Splats
+/news/*   /blog/:splat
+
+# Proxying
+/api/*  https://api.example.com/:splat  200
+
+# Country
+/  /china   302  Country=cn,hk,tw
+/  /israel  302  Country=il
+
+# Language
+/china/*  /china/zh-cn/:splat  302  Language=zh
diff --git a/lambda.js b/lambda.js
@@ -0,0 +1,15 @@
+'use strict';
+
+const middy = require('middy');
+const { reroute } = require('middy-reroute'); // https://www.npmjs.com/package/middy-reroute
+
+const handler = middy((event, context, cb) => {
+  const request = !!event.Records ? event.Records[0].cf.request : event;
+  cb(null, request);
+}).use(
+  reroute({
+    cacheTtl: 2,
+  }),
+);
+
+module.exports = { handler };
diff --git a/template.yaml b/template.yaml
@@ -0,0 +1,127 @@
+Transform: AWS::Serverless-2016-10-31
+
+Globals:
+  Function:
+    Runtime: nodejs10.x
+    Handler: index.handler
+
+Parameters:
+  DomainParam:
+    Type: String
+    Description: Domain to be extended with subdomains Eg. domain.com or sub.domain.com
+  SSLCertARN:
+    Type: String
+    Description: WildCard SSL Certificate ARN
+
+Resources:
+  DefaultBucket:
+    Type: AWS::S3::Bucket
+  DefaultBucketPolicy:
+    Type: AWS::S3::BucketPolicy
+    Properties:
+      Bucket:
+        Ref: DefaultBucket
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          Effect: Allow
+          Principal:
+            AWS: !GetAtt OriginRequestRole.Arn
+            CanonicalUser: !GetAtt CloudfrontOAI.S3CanonicalUserId
+          Action:
+            - s3:ListBucket
+            - s3:GetObject
+          Resource:
+            - !Sub arn:aws:s3:::${DefaultBucket}
+            - !Sub arn:aws:s3:::${DefaultBucket}/*
+  OriginRequestFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: src/originrequest
+      MemorySize: 512
+      AutoPublishAlias: live
+      Role: !GetAtt OriginRequestRole.Arn
+  OriginRequestLogGroup:
+    Type: AWS::Logs::LogGroup
+    Properties:
+      LogGroupName: !Sub /aws/lambda/${OriginRequestFunction}
+      RetentionInDays: 3
+  OriginRequestRole:
+    Type: AWS::IAM::Role
+    Properties:
+      Path: /
+      RoleName: !Sub ${AWS::StackName}-originrequest-role
+      AssumeRolePolicyDocument:
+        Version: 2012-10-17
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+                - edgelambda.amazonaws.com
+            Action: sts:AssumeRole
+      Policies:
+        - PolicyName: !Sub ${AWS::StackName}-originrequest-role
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action:
+                  - logs:CreateLogGroup
+                  - logs:CreateLogStream
+                  - logs:PutLogEvents
+                  - logs:DescribeLogStreams
+                Resource: arn:aws:logs:*:*:*
+  CloudfrontOAI:
+    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
+    Properties:
+      CloudFrontOriginAccessIdentityConfig:
+        Comment: !Sub Created for ${AWS::StackName}
+  CDN:
+    Type: AWS::CloudFront::Distribution
+    Properties:
+      DistributionConfig:
+        Aliases:
+          - !Sub "*.${DomainParam}"
+        ViewerCertificate:
+          AcmCertificateArn: !Ref SSLCertARN
+          SslSupportMethod: sni-only
+          MinimumProtocolVersion: TLSv1.2_2018
+        Enabled: true
+        HttpVersion: http2
+        PriceClass: PriceClass_All
+        IPV6Enabled: true
+        DefaultCacheBehavior:
+          AllowedMethods:
+            - DELETE
+            - GET
+            - HEAD
+            - OPTIONS
+            - PATCH
+            - POST
+            - PUT
+          CachedMethods:
+            - GET
+            - HEAD
+          Compress: true
+          ForwardedValues:
+            QueryString: true
+            Cookies:
+              Forward: none
+            Headers:
+              - Host
+              - CloudFront-Viewer-Country
+              - Accept-Language
+          DefaultTTL: 0
+          MaxTTL: 0
+          MinTTL: 0
+          TargetOriginId: WebsiteBucketOrigin
+          ViewerProtocolPolicy: redirect-to-https
+          LambdaFunctionAssociations:
+            - EventType: origin-request
+              LambdaFunctionARN: !Ref OriginRequestFunction.Version
+        Origins:
+          - DomainName: !GetAtt DefaultBucket.DomainName
+            Id: WebsiteBucketOrigin
+            S3OriginConfig:
+              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudfrontOAI}
No results found