FilipBartos · April 12, 2021 10:55 · Apr 12, 2021
diff --git a/template.yaml b/template.yaml
@@ -0,0 +1,87 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
+Description: >
+  Redirecting naked (apex) domain to full domain example
+  
+Parameters:
+  DomainName:
+    Description: Naked (apex) name of the domain
+    Type: String
+  Certificate:
+    Description: SSL Certificate Arn
+    Type: String
+
+Mappings:
+  Region2S3WebsiteSuffix:
+    us-east-1:
+      Suffix: .s3-website-us-east-1.amazonaws.com
+    us-west-1:
+      Suffix: .s3-website-us-west-1.amazonaws.com
+    us-west-2:
+      Suffix: .s3-website-us-west-2.amazonaws.com
+    eu-west-1:
+      Suffix: .s3-website-eu-west-1.amazonaws.com
+    ap-northeast-1:
+      Suffix: .s3-website-ap-northeast-1.amazonaws.com
+    ap-northeast-2:
+      Suffix: .s3-website-ap-northeast-2.amazonaws.com
+    ap-southeast-1:
+      Suffix: .s3-website-ap-southeast-1.amazonaws.com
+    ap-southeast-2:
+      Suffix: .s3-website-ap-southeast-2.amazonaws.com
+    ap-south-1:
+      Suffix: .s3-website-ap-south-1.amazonaws.com
+    us-east-2:
+      Suffix: .s3-website-us-east-2.amazonaws.com
+    sa-east-1:
+      Suffix: .s3-website-sa-east-1.amazonaws.com
+    cn-north-1:
+      Suffix: .s3-website.cn-north-1.amazonaws.com.cn
+    eu-central-1:
+      Suffix: .s3-website.eu-central-1.amazonaws.com
+
+Resources:
+  NakedWebsiteBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: !Sub "www.${DomainName}"
+      WebsiteConfiguration:
+        RedirectAllRequestsTo:
+          HostName: !Sub "www.${DomainName}"
+          Protocol: https
+
+  NakedCloudfrontDistribution:
+    Type: "AWS::CloudFront::Distribution"
+    DependsOn: NakedWebsiteBucket
+    Properties:
+      DistributionConfig:
+        Comment: !Sub "$(DomainName) -> www.${DomainName}"
+        Enabled: true
+        HttpVersion: http2
+        Aliases:
+            - !Ref DomainName
+        ViewerCertificate:
+          AcmCertificateArn: !Ref Certificate
+          MinimumProtocolVersion: TLSv1.1_2016
+          SslSupportMethod: sni-only
+        Origins:
+          - Id: !Sub "s3-${DomainName}"
+            # NakedWebsiteBucket.WebsiteURL returns S3 endpoint that includes protocol
+            # DomainName must be S3 endpoint without protocol (nakedbucket.s3-website.region.amazonaws.com)
+            DomainName: !Join ['', [!Ref 'NakedWebsiteBucket', !FindInMap [Region2S3WebsiteSuffix,
+                !Ref 'AWS::Region', Suffix]]]
+            CustomOriginConfig:
+              # S3 endpoints doesn't support https protocol
+              # https-only -> cloudfront will return HTTP 504 status (Gateway Timeout)
+              OriginProtocolPolicy: http-only
+        DefaultCacheBehavior:
+          Compress: 'true'
+          AllowedMethods:
+            - GET
+            - HEAD
+            - OPTIONS
+          ForwardedValues:
+            QueryString: true
+          TargetOriginId: !Sub "s3-${DomainName}"
+          ViewerProtocolPolicy : redirect-to-https
+