-
Notifications
You must be signed in to change notification settings - Fork 2
/
quack-stanley.template.yaml
192 lines (183 loc) · 5.58 KB
/
quack-stanley.template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
AWSTemplateFormatVersion: 2010-09-09
Description: Create infrastructure to run Quack Stanley
Transform: AWS::Serverless-2016-10-31
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Configuration
Parameters:
- DomainName
- TLSCert
- Stage
- Label:
default: Application Storage
Parameters:
- DistBucket
- DataStorageBucket
- WebrootBucket
- WebrootAccessIdentityID
Parameters:
DomainName:
Type: String
Description: Domain for the application (hosted zone must exist and be registered)
Default: quackstanley.net
Stage:
Type: String
Description: Environment name
Default: prod
TLSCert:
Type: String
Description: ARN of TLS certificate in US-EAST-1 (must work for `${DomainName}` and `api.${DomainName}`)
WebrootAccessIdentityID:
Type: String
Description: ID of CloudFront origin access identity for webroot bucket access (check output of storage stack)
DistBucket:
Type: String
Description: S3 Bucket that will contain the backend artifacts
DataStorageBucket:
Type: String
Description: Name of the S3 bucket that will store application data
WebrootBucket:
Type: String
Description: Name of the S3 bucket that stores application static assets
Resources:
ApiGateway:
Type: AWS::Serverless::Api
Properties:
Cors:
AllowHeaders: "'Content-Type'"
AllowOrigin: !Sub "'https://${DomainName}'"
MaxAge: "'86400'"
DefinitionBody:
swagger: 2.0
info:
title: QuackStanley gateway
basePath: !Sub /${Stage}
schemes:
- https
paths:
/:
post:
responses: {}
x-amazon-apigateway-integration:
uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Backend.Arn}/invocations
httpMethod: POST
type: AWS_PROXY
passthroughBehavior: when_no_match
StageName: !Ref Stage
Variables:
ServerlessExpressLambdaFunctionName: !Ref Backend
BackendDomainName:
Type: AWS::ApiGateway::DomainName
Properties:
DomainName: !Sub api.${DomainName}
EndpointConfiguration:
Types:
- EDGE
CertificateArn: !Ref TLSCert
BackendBasePathMapping:
Type: AWS::ApiGateway::BasePathMapping
Properties:
DomainName: !Ref BackendDomainName
RestApiId: !Ref ApiGateway
Stage: !Ref Stage
Backend:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub quack-stanley-${Stage}
Description: Backend for Quack Stanley application
CodeUri:
Bucket: !Ref DistBucket
Key: !Sub quack-stanley/${Stage}/quack-stanley.zip
Handler: com.adamnfish.quackstanley.Main::handleRequest
Runtime: java17
Timeout: 20
MemorySize: 1024
Environment:
Variables:
APP_DATA_S3_BUCKET: !Ref DataStorageBucket
APP_STAGE: !Ref Stage
ORIGIN_LOCATION: !Sub https://${DomainName}
Events:
BackendEvent:
Type: Api
Properties:
RestApiId: !Ref ApiGateway
Path: /
Method: post
Policies:
- Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- s3:ListBucket
Resource: !Sub arn:aws:s3:::${DataStorageBucket}
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
Resource: !Sub arn:aws:s3:::${DataStorageBucket}/*
Tags:
app: quack-stanley
stage: !Ref Stage
CDN:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Aliases:
- !Ref DomainName
Origins:
- Id: quack-stanley-static
DomainName: !Sub ${WebrootBucket}.s3.amazonaws.com
S3OriginConfig:
OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${WebrootAccessIdentityID}
DefaultCacheBehavior:
AllowedMethods: [DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT]
CachedMethods: [HEAD, GET]
MinTTL: 3600
Compress: true
ForwardedValues:
QueryString: false
TargetOriginId: quack-stanley-static
ViewerProtocolPolicy: redirect-to-https
DefaultRootObject: index.html
CustomErrorResponses:
- ErrorCachingMinTTL: 5
ErrorCode: 404
PriceClass: PriceClass_100
Enabled: true
ViewerCertificate:
AcmCertificateArn: !Ref TLSCert
MinimumProtocolVersion: TLSv1
SslSupportMethod: sni-only
HttpVersion: http2
Tags:
- Key: app
Value: quack-stanley
- Key: stage
Value: !Ref Stage
DNS:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneName: !Sub ${DomainName}.
RecordSets:
- Name: !Sub ${DomainName}.
Type: A
AliasTarget:
# Zone ID is a magic string for CloudFront
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !GetAtt CDN.DomainName
- Name: !Sub api.${DomainName}.
Type: A
AliasTarget:
# Zone ID is a magic string for CloudFront
HostedZoneId: Z2FDTNDATAQYW2
DNSName: !GetAtt BackendDomainName.DistributionDomainName
Outputs:
ApiUrl:
Description: Root URL for Quack Stanley's API
Value: !Sub https://${ApiGateway}.execute-api.${AWS::Region}.amazonaws.com/${Stage}/
ApiEdgeDns:
Description: DNS name for the API Gateway's domain
Value: !GetAtt BackendDomainName.DistributionDomainName