I automated building a unique domain hosting environment with AWS CloudFormation 🎉
In my previous article, "Build a Unique Domain Hosting Environment with Amazon Route 53, AWS WAF, Amazon CloudFront, and Amazon S3," I built the environment by hand; in this article I implement the same setup with AWS CloudFormation.
I've made the template available on GitHub, so please use it!
aws-cloudformation-templates-showcase
certificate-create.yml

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Certificate creation
Parameters:
  DomainName:
    Description: Domain Name
    Type: String
  HostedZoneId:
    Description: Hosted Zone ID
    Type: String
Resources:
  # Deploy this stack in us-east-1: CloudFront only accepts ACM certificates from that region.
  CertificateManagerCertificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Sub ${DomainName}
      DomainValidationOptions:
        -
          DomainName: !Sub ${DomainName}
          # ACM writes the validation CNAME into this hosted zone, so validation completes without manual steps.
          HostedZoneId: !Sub ${HostedZoneId}
      ValidationMethod: DNS
```
hosting.yml

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Build a Unique Domain Hosting Environment with Amazon Route 53, Amazon CloudFront, and Amazon S3
Parameters:
  DomainName:
    Description: Domain Name
    Type: String
  HostedZoneId:
    Description: Hosted Zone ID
    Type: String
  CertificateId:
    Description: Certificate ID
    Type: String
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${AWS::StackName}-${AWS::Region}-${AWS::AccountId}
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    DependsOn:
      - CloudFrontOriginAccessIdentity
    Properties:
      Bucket: !Sub ${S3Bucket}
      PolicyDocument:
        Statement:
          -
            # Only the CloudFront origin access identity may read objects; the bucket itself is never made public.
            Sid: PolicyForCloudFrontPrivateContent
            Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudFrontOriginAccessIdentity}
            Action: s3:GetObject
            Resource: !Sub arn:aws:s3:::${S3Bucket}/*
  CloudFrontOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: Unique Domain Hosting Environment
  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    DependsOn:
      - S3Bucket
      - CloudFrontOriginAccessIdentity
    Properties:
      DistributionConfig:
        Aliases:
          - !Sub ${DomainName}
        Origins:
          -
            DomainName: !Sub ${S3Bucket}.s3.${AWS::Region}.amazonaws.com
            Id: !Sub ${S3Bucket}.s3.${AWS::Region}.amazonaws.com
            S3OriginConfig:
              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}
        DefaultCacheBehavior:
          TargetOriginId: !Sub ${S3Bucket}.s3.${AWS::Region}.amazonaws.com
          Compress: true
          AllowedMethods:
            - HEAD
            - GET
          CachedMethods:
            - HEAD
            - GET
          # Plain-HTTP viewers are redirected to HTTPS.
          ViewerProtocolPolicy: redirect-to-https
          # AWS managed cache policy "CachingOptimized".
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6
        # Serve index.html for missing keys so a single-page app can handle its own routing.
        CustomErrorResponses:
          -
            ErrorCode: 403
            ResponsePagePath: /index.html
            ResponseCode: 200
            ErrorCachingMinTTL: 0
          -
            ErrorCode: 404
            ResponsePagePath: /index.html
            ResponseCode: 200
            ErrorCachingMinTTL: 0
        PriceClass: PriceClass_All
        Enabled: true
        ViewerCertificate:
          # The certificate ARN is always in us-east-1, regardless of the region this stack is deployed to.
          AcmCertificateArn: !Sub arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/${CertificateId}
          MinimumProtocolVersion: TLSv1.2_2021
          SslSupportMethod: sni-only
        Restrictions:
          GeoRestriction:
            RestrictionType: none
        HttpVersion: http2
        DefaultRootObject: index.html
        IPV6Enabled: true
  Route53RecordSet:
    Type: AWS::Route53::RecordSet
    DependsOn:
      - CloudFrontDistribution
    Properties:
      Name: !Sub ${DomainName}
      HostedZoneId: !Sub ${HostedZoneId}
      Type: A
      AliasTarget:
        DNSName: !GetAtt CloudFrontDistribution.DomainName
        # Fixed hosted zone ID shared by every CloudFront distribution.
        HostedZoneId: Z2FDTNDATAQYW2
```
Advance Preparation
Obtain a unique domain using Amazon Route 53.
Make a note of the target domain name and its hosted zone ID.
How to build
- Auto-deploy SSL certificate in the specified region
- Auto-deploy unique domain hosting environment in any region
Auto-Deploy SSL Certificate in the Specified Region
First, we auto-deploy the SSL certificate in a fixed region. The certificate must be created in "us-east-1", because that is the only region whose ACM certificates CloudFront can use.
Open CloudFormation in the "us-east-1" region, and click "Stack" → "Create Stack" → "With new resources."
For prerequisites, select "Template is ready." To specify the template, select "Upload template file" and upload the file → Click "Next." Use "certificate-create.yml" as the CloudFormation template.
Set the desired stack name, domain name, and hosted zone ID → Click "Next."
Leave the stack options at their defaults → Click "Next."
Confirm the settings → Click "Create Stack."
Confirm that the stack has been created.
Check AWS Certificate Manager in the "us-east-1" region, and you will see that the SSL certificate has been created automatically. Note down the "Certificate ID" (the UUID that follows "certificate/" in the certificate ARN); the next template uses it to assemble the ARN.
Auto-Deploy Unique Domain Hosting Environment in Any Region
Next, we auto-deploy the unique domain hosting environment in any region.
Open CloudFormation in the region you want to deploy to. Click "Stack" → "Create Stack" → "With new resources."
For prerequisites, select "Template is ready." To specify the template, select "Upload template file" and upload the file → Click "Next." Use "hosting.yml" as the CloudFormation template.
Set the desired stack name, certificate ID, domain name, and hosted zone ID → Click "Next."
Leave the stack options at their defaults again → Click "Next."
Confirm the settings → Click "Create Stack."
Confirm that the stack has been created.
Confirm that it has been automatically deployed to Amazon CloudFront.
Confirm that it has been automatically deployed to Amazon S3.
Upload the set of files you want to publish to the deployed S3 bucket.
When you access the unique domain, you will see the uploaded website.
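The same two-stack procedure driven from the AWS CLI instead of the console, as an added example that is not part of the original article or the GitHub repository. It assumes the AWS CLI is configured, that the two template files sit in the current directory, and that the stack names, the script name and the sample parameter values are my own choices; the certificate ID is read from the first stack because certificate-create.yml declares no Outputs.

```shell
#!/bin/sh
# Added example: deploy certificate-create.yml in us-east-1, then hosting.yml
# in the chosen region with the certificate ID taken from the first stack.
set -eu

# CloudFront only accepts ACM certificates from us-east-1; the hosting stack may go anywhere.
CERT_REGION="us-east-1"
CERT_STACK="cert-create"            # assumed stack name
HOSTING_STACK="unique-domain-hosting"  # assumed stack name

# hosting.yml wants only the UUID part of the ARN, i.e. what follows "certificate/".
# Rejects anything that is not a us-east-1 ACM certificate ARN, since that would build an ARN
# CloudFront cannot attach.
cert_id_from_arn() {
  case "$1" in
    arn:aws:acm:us-east-1:*:certificate/*) printf '%s\n' "${1##*/}" ;;
    *) echo "not a us-east-1 ACM certificate ARN: $1" >&2; return 1 ;;
  esac
}

# $1 = domain name, $2 = hosted zone ID. Prints the certificate ARN.
deploy_certificate() {
  aws cloudformation deploy --region "$CERT_REGION" \
    --stack-name "$CERT_STACK" --template-file certificate-create.yml \
    --parameter-overrides "DomainName=$1" "HostedZoneId=$2"
  # The physical ID of an AWS::CertificateManager::Certificate resource is its ARN.
  aws cloudformation describe-stack-resources --region "$CERT_REGION" \
    --stack-name "$CERT_STACK" --logical-resource-id CertificateManagerCertificate \
    --query 'StackResources[0].PhysicalResourceId' --output text
}

# $1 = domain name, $2 = hosted zone ID, $3 = certificate ID, $4 = target region.
deploy_hosting() {
  aws cloudformation deploy --region "$4" \
    --stack-name "$HOSTING_STACK" --template-file hosting.yml \
    --parameter-overrides "DomainName=$1" "HostedZoneId=$2" "CertificateId=$3"
}

# Usage: ./deploy.sh example.com Z0123456789ABCDEFGHIJ ap-northeast-1   (constructed sample values)
if [ $# -eq 3 ]; then
  cert_arn=$(deploy_certificate "$1" "$2")
  cert_id=$(cert_id_from_arn "$cert_arn")
  deploy_hosting "$1" "$2" "$cert_id" "$3"
  echo "deployed $HOSTING_STACK in $3 with certificate $cert_id"
fi
```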
With AWS CloudFormation, building resources such as a unique domain hosting environment can be fully automated 💡
Next I'd like to try AWS CDK and similar tools to see how far each service configuration can be defined in code.