I automated building a unique domain hosting environment with AWS CloudFormation 🎉
In my previous article, "Build a Unique Domain Hosting Environment with Amazon Route 53, AWS WAF, Amazon CloudFront, and Amazon S3," I tried to implement the contents of that article with AWS CloudFormation.
I've made the template available on GitHub, so please use it!
aws-cloudformation-templates-showcase
certificate-create.yml
AWSTemplateFormatVersion: 2010-09-09 Description: Certificate creation Parameters: DomainName: Description: Domain Name Type: String HostedZoneId: Description: Host Zone ID Type: String Resources: CertificateManagerCertificate: Type: AWS::CertificateManager::Certificate Properties: DomainName: !Sub ${DomainName} DomainValidationOptions: - DomainName: !Sub ${DomainName} HostedZoneId: !Sub ${HostedZoneId} ValidationMethod: DNS hosting.yml
AWSTemplateFormatVersion: 2010-09-09 Description: Build a Unique Domain Hosting Environment with Amazon Route 53, Amazon CloudFront, and Amazon S3 Parameters: DomainName: Description: Domain Name Type: String HostedZoneId: Description: Host Zone ID Type: String CertificateId: Description: Certificate ID Type: String Resources: S3Bucket: Type: AWS::S3::Bucket Properties: BucketName: !Sub ${AWS::StackName}-${AWS::Region}-${AWS::AccountId} S3BucketPolicy: Type: AWS::S3::BucketPolicy DependsOn: - CloudFrontOriginAccessIdentity Properties: Bucket: !Sub ${S3Bucket} PolicyDocument: Statement: - Sid: PolicyForCloudFrontPrivateContent Effect: Allow Principal: AWS: !Sub arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity ${CloudFrontOriginAccessIdentity} Action: s3:GetObject Resource: !Sub arn:aws:s3:::${S3Bucket}/* CloudFrontOriginAccessIdentity: Type: AWS::CloudFront::CloudFrontOriginAccessIdentity Properties: CloudFrontOriginAccessIdentityConfig: Comment: Unique Domain Hosting Environment CloudFrontDistribution: Type: AWS::CloudFront::Distribution DependsOn: - S3Bucket - CloudFrontOriginAccessIdentity Properties: DistributionConfig: Aliases: - !Sub ${DomainName} Origins: - DomainName: !Sub ${S3Bucket}.s3.${AWS::Region}.amazonaws.com Id: !Sub ${S3Bucket}.s3.${AWS::Region}.amazonaws.com S3OriginConfig: OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity} DefaultCacheBehavior: TargetOriginId: !Sub ${S3Bucket}.s3.${AWS::Region}.amazonaws.com Compress: true AllowedMethods: - HEAD - GET CachedMethods: - HEAD - GET ViewerProtocolPolicy: redirect-to-https CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6 CustomErrorResponses: - ErrorCode: 403 ResponsePagePath: /index.html ResponseCode: 200 ErrorCachingMinTTL: 0 - ErrorCode: 404 ResponsePagePath: /index.html ResponseCode: 200 ErrorCachingMinTTL: 0 PriceClass: PriceClass_All Enabled: true ViewerCertificate: AcmCertificateArn: !Sub arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/${CertificateId} MinimumProtocolVersion: TLSv1.2_2021 SslSupportMethod: sni-only Restrictions: GeoRestriction: RestrictionType: none HttpVersion: http2 DefaultRootObject: index.html IPV6Enabled: true Route53RecordSet: Type: AWS::Route53::RecordSet DependsOn: - CloudFrontDistribution Properties: Name: !Sub ${DomainName} HostedZoneId: !Sub ${HostedZoneId} Type: A AliasTarget: DNSName: !GetAtt CloudFrontDistribution.DomainName HostedZoneId: Z2FDTNDATAQYW2 Advance Preparation
Get a unique domain using Amazon Route 53
Make a note of the target domain name and host zone ID
How to build
- Auto-deploy SSL certificate in the specified region
- Auto-deploy unique domain hosting environment in any region
Auto-Deploy SSL Certificate in the Specified Region
First, we will auto-deploy an SSL certificate in the specified region. We need to create in the "us-east-1" region to use the SSL certificate with CloudFront.
Access CloudFormation with the region "us-east-1," and click "Stack" → “Create Stack” → "Use New Resource."
Select "Template ready" as a prerequisite. To specify the template, select "Upload template file" and upload the file → Click "Next." Use the CloudFormation template "certificate-create.yml."
Set the desired stack name, domain name, and host zone ID → Click "Next."
Set the stack options as default → Click "Next."
Confirm the settings → Click "Create Stack."
Confirm that the stack has been created.
Check the AWS Certificate Manager for the "us-east-1" region, and you will see that the SSL certificate has been created automatically. Note down the target "Certificate ID" for use in the next template.
Auto-Deploy Unique Domain Hosting Environment in Any Region
Finally, we will auto-deploy a unique domain hosting environment in any region.
Access CloudFormation in the region you want to deploy to. Click “Stack” → “Create Stack” → "Use New Resource."
For prerequisites, select "Template is ready." To specify the template, select "Upload template file" and upload the file → Click "Next." Use "hosting.yml" as the CloudFormation template.
Set the desired stack name, certificate ID, domain name, and host zone ID → Click "Next."
Set the stack options as default this time → Click "Next."
Confirm the settings → Click "Create Stack."
Confirm that the stack has been created.
Confirm that it has been automatically deployed to Amazon CloudFront.
Confirm that it has been automatically deployed to Amazon S3.
Upload the set of files you want to publish to the deployed S3 bucket.
When you access a unique domain, you will see the uploaded WebSite.
Using AWS CloudFormation, it is possible to automate the build of various resources such as unique domain hosting 💡
In the future, I'd like to experiment with AWS CDK, etc. to see how far each service configuration can be defined.
Related Articles
Top comments (0)