mirror of https://github.com/vapor/docs.git
118 lines
4.1 KiB
YAML
118 lines
4.1 KiB
YAML
AWSTemplateFormatVersion: '2010-09-09'
|
|
Description: 'The documentation for Vapor'
|
|
Parameters:
|
|
DomainName:
|
|
Type: String
|
|
Description: The domain name for the site
|
|
AllowedPattern: (?!-)[a-zA-Z0-9-.]{1,63}(?<!-)
|
|
ConstraintDescription: Must be a valid DNS zone name.
|
|
AcmCertificateArn:
|
|
Type: String
|
|
Description: the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate.
|
|
AllowedPattern: "arn:aws:acm:.*"
|
|
S3BucketName:
|
|
Type: String
|
|
Description: Name for the bucket
|
|
Resources:
|
|
S3BucketForWebsiteContent:
|
|
Type: AWS::S3::Bucket
|
|
Properties:
|
|
BucketName: !Ref 'S3BucketName'
|
|
WebsiteConfiguration:
|
|
IndexDocument: index.html
|
|
# Redirect
|
|
ErrorDocument: /404.html
|
|
RoutingRules:
|
|
- RoutingRuleCondition:
|
|
HttpErrorCodeReturnedEquals: '404'
|
|
KeyPrefixEquals: /
|
|
RedirectRule:
|
|
HostName: !Ref 'DomainName'
|
|
- RoutingRuleCondition:
|
|
KeyPrefixEquals: "4.0/"
|
|
RedirectRule:
|
|
HostName: !Ref 'DomainName'
|
|
HttpRedirectCode: 301
|
|
Protocol: "https"
|
|
ReplaceKeyPrefixWith: ""
|
|
WebsiteCloudfront:
|
|
Type: AWS::CloudFront::Distribution
|
|
Properties:
|
|
DistributionConfig:
|
|
Comment: Cloudfront Distribution pointing to S3 bucket
|
|
Origins:
|
|
- DomainName: !Join [ '', !Split [ 'http://', !GetAtt 'S3BucketForWebsiteContent.WebsiteURL' ] ]
|
|
Id: S3Origin
|
|
CustomOriginConfig:
|
|
OriginProtocolPolicy: 'http-only'
|
|
Enabled: true
|
|
HttpVersion: 'http2'
|
|
Aliases:
|
|
- !Ref 'DomainName'
|
|
CustomErrorResponses:
|
|
- ErrorCode: 403
|
|
ResponseCode: 404
|
|
ResponsePagePath: /404.html
|
|
DefaultCacheBehavior:
|
|
AllowedMethods:
|
|
- GET
|
|
- HEAD
|
|
- OPTIONS
|
|
Compress: true
|
|
TargetOriginId: S3Origin
|
|
ForwardedValues:
|
|
QueryString: false
|
|
Cookies:
|
|
Forward: none
|
|
ViewerProtocolPolicy: redirect-to-https
|
|
ResponseHeadersPolicyId: !Ref WebsiteCloudFrontPolicies
|
|
PriceClass: PriceClass_All
|
|
ViewerCertificate:
|
|
AcmCertificateArn: !Ref 'AcmCertificateArn'
|
|
SslSupportMethod: sni-only
|
|
WebsiteCloudFrontPolicies:
|
|
Type: AWS::CloudFront::ResponseHeadersPolicy
|
|
Properties:
|
|
ResponseHeadersPolicyConfig:
|
|
Name: Docs-Security-Header-Policy
|
|
Comment: The Vapor Docs security header policy
|
|
CustomHeadersConfig:
|
|
Items:
|
|
- Header: Permissions-Policy
|
|
Value: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
|
|
Override: false
|
|
- Header: server
|
|
Value: 'Vapor Docs'
|
|
Override: true
|
|
- Header: Content-Security-Policy-Report-Only
|
|
Value: default-src 'none'; script-src 'self'; img-src 'self' data:; style-src 'self'; font-src 'self'; connect-src 'self'
|
|
Override: false
|
|
SecurityHeadersConfig:
|
|
#ContentSecurityPolicy:
|
|
# ContentSecurityPolicy: default-src 'none'; script-src 'self'; img-src 'self' data:; style-src 'self'; font-src 'self'; connect-src 'self'
|
|
# Override: false
|
|
ContentTypeOptions:
|
|
Override: false
|
|
FrameOptions:
|
|
FrameOption: DENY
|
|
Override: false
|
|
ReferrerPolicy:
|
|
ReferrerPolicy: strict-origin-when-cross-origin
|
|
Override: false
|
|
StrictTransportSecurity:
|
|
AccessControlMaxAgeSec: 63072000
|
|
IncludeSubdomains: true
|
|
Preload: false
|
|
Override: false
|
|
XSSProtection:
|
|
ModeBlock: true
|
|
Protection: true
|
|
Override: false
|
|
Outputs:
|
|
CloudfrontURL:
|
|
Description: 'Cloudfront URL'
|
|
Value: !GetAtt WebsiteCloudfront.DomainName
|
|
BucketName:
|
|
Description: 'Name of S3 bucket to hold website content'
|
|
Value: !Ref 'S3BucketForWebsiteContent'
|