initial commit

Juan Canham
2020-03-17 03:54:15 +00:00
commit 83033b0cb6
35 changed files with 1554 additions and 0 deletions


@ -0,0 +1,22 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: Template for an SSL certificate (must be deployed in us-east-1 for cloudfront)
Metadata:
License: magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later
Parameters:
SiteName:
Type: String
Description: Name for the site
AllowedPattern: '[a-zA-Z0-9-.]{1,63}'
ConstraintDescription: must be a valid DNS name.
Resources:
Certificate:
Type: AWS::CertificateManager::Certificate
Properties:
DomainName: !Ref SiteName
ValidationMethod: DNS
Outputs:
CertificateARN:
Value: !Ref Certificate
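Review bot: With `ValidationMethod: DNS` and no `DomainValidationOptions`, the stack does not create the validation CNAME, so the Certificate resource stays in CREATE_IN_PROGRESS until someone adds the record by hand in the hosted zone that the site template creates separately; that hand-off deserves a comment above `ValidationMethod: DNS` (or, if the resource version in use supports it, a `DomainValidationOptions` entry with `DomainName: !Ref SiteName` and a `HostedZoneId` parameter so validation completes on its own). The us-east-1 requirement exists only in the Description; a comment at the top of `Resources` saying the stack must be created in us-east-1 and that `CertificateARN` is then copied into the site stack's parameter would make the manual steps explicit. The output is not exported, which is fine here since the site stack may live in another region and `Fn::ImportValue` is region-bound, but the note should say so.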


@ -0,0 +1,94 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: Iam Roles for account running a static S3 website with cloudfront (IAMAdmin, Admin, S3Admin/User)
Metadata:
License: magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later
Resources:
IAMAdmin:
Type: AWS::IAM::Role
Properties:
RoleName: IAMAdmin
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
- arn:aws:iam::aws:policy/IAMFullAccess
- arn:aws:iam::aws:policy/ReadOnlyAccess
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
AWS: arn:aws:iam::212707113393:root
Action: sts:AssumeRole
- Effect: Allow
Principal:
Federated:
- !Sub arn:aws:iam::${AWS::AccountId}:saml-provider/Google
Action: sts:AssumeRoleWithSAML
Condition:
StringEquals:
SAML:aud: https://signin.aws.amazon.com/saml
Admin:
Type: AWS::IAM::Role
Properties:
RoleName: Admin
ManagedPolicyArns:
- arn:aws:iam::aws:policy/ReadOnlyAccess
- arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
- arn:aws:iam::aws:policy/AmazonS3FullAccess
- arn:aws:iam::aws:policy/AmazonRoute53FullAccess
- arn:aws:iam::aws:policy/CloudFrontFullAccess
- arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
AWS: arn:aws:iam::212707113393:root
Action: sts:AssumeRole
- Effect: Allow
Principal:
Federated:
- !Sub arn:aws:iam::${AWS::AccountId}:saml-provider/Google
Action: sts:AssumeRoleWithSAML
Condition:
StringEquals:
SAML:aud: https://signin.aws.amazon.com/saml
User:
Type: AWS::IAM::Role
Properties:
RoleName: User
ManagedPolicyArns:
- arn:aws:iam::aws:policy/ReadOnlyAccess
- !Ref UserPolicy
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
AWS: arn:aws:iam::212707113393:root
Action: sts:AssumeRole
- Effect: Allow
Principal:
Federated:
- !Sub arn:aws:iam::${AWS::AccountId}:saml-provider/Google
Action: sts:AssumeRoleWithSAML
Condition:
StringEquals:
SAML:aud: https://signin.aws.amazon.com/saml
UserPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: Grants Access to Created/Update/Delete S3 Objects & Clear Cloudfront caches
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- s3:DeleteObject
- s3:PutObject
Resource: 'arn:aws:s3:::*/*'
- Effect: Allow
Action: cloudfront:CreateInvalidation
Resource: '*'
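Review bot: The `AWS: arn:aws:iam::212707113393:root` principal in each of the three trust policies (IAMAdmin, Admin, User) is a hard-coded account ID, while the SAML statement next to it already uses `!Sub arn:aws:iam::${AWS::AccountId}:saml-provider/Google`; deployed into any other account, these roles become assumable from that fixed foreign account, and the `:root` form extends the trust to every IAM principal in it that holds `sts:AssumeRole`. Replacing it with `AWS: !Sub arn:aws:iam::${AWS::AccountId}:root` (or a parameter, if a separate sign-in account is intended) keeps the trust in-account and documents the intent. The UserPolicy's `Version: 2012-10-17` is unquoted, unlike the AssumeRolePolicyDocuments above it, and YAML 1.1 parsers read that plain scalar as a timestamp; quote it as `Version: '2012-10-17'` (the site template's bucket policy has the same unquoted `Version` line). `Resource: 'arn:aws:s3:::*/*'` on the Put/Delete statement covers every bucket in the account rather than the site bucket; a bucket-name parameter would let it be narrowed to `!Sub arn:aws:s3:::${BucketName}/*`.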


@ -0,0 +1,99 @@
AWSTemplateFormatVersion: '2010-09-09'
Description: Template will deploy an s3 bucket, Route53Zone & SSL certificate to host a static website
Metadata:
License: magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later
Parameters:
SiteName:
Type: String
Description: Name for the site
AllowedPattern: '[a-zA-Z0-9-.]{1,63}'
ConstraintDescription: must be a valid DNS name.
CertificateARN:
Type: String
Resources:
Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Join [-, !Split [., !Ref SiteName]]
AccessControl: PublicRead
WebsiteConfiguration:
ErrorDocument: resume.html
IndexDocument: resume.html
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref Bucket
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: PublicReadGetObject
Effect: Allow
Principal: '*'
Action: s3:GetObject
Resource:
- !Sub ${Bucket.Arn}/*
Route53Zone:
Type: AWS::Route53::HostedZone
Properties:
HostedZoneConfig:
Comment: !Sub 'hosted zone for ${SiteName}'
Name: !Ref SiteName
Route53RecordIPv4:
Type: AWS::Route53::RecordSet
Properties:
AliasTarget:
DNSName: !GetAtt CloudfrontDistribution.DomainName
HostedZoneId: Z2FDTNDATAQYW2
HostedZoneId: !Ref Route53Zone
Name: !Ref SiteName
Type: A
Route53RecordIPv6:
Type: AWS::Route53::RecordSet
Properties:
AliasTarget:
DNSName: !GetAtt CloudfrontDistribution.DomainName
HostedZoneId: Z2FDTNDATAQYW2
HostedZoneId: !Ref Route53Zone
Name: !Ref SiteName
Type: AAAA
CloudfrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Aliases:
- !Ref SiteName
Enabled: true
HttpVersion: http2
IPV6Enabled: true
PriceClass: PriceClass_100
DefaultRootObject: resume.html
ViewerCertificate:
AcmCertificateArn: !Ref CertificateARN
SslSupportMethod: sni-only
Origins:
- Id: bucket
DomainName: !GetAtt Bucket.RegionalDomainName
S3OriginConfig:
OriginAccessIdentity: ''
DefaultCacheBehavior:
DefaultTTL: 3600
TargetOriginId: bucket
ViewerProtocolPolicy: allow-all
Compress: true
ForwardedValues:
QueryString: false
Outputs:
HostedZoneId:
Value: !Ref Route53Zone
HostedZoneRecords:
Value: !Join [",", !GetAtt Route53Zone.NameServers]
CloudfrontDistribution:
Value: !Ref CloudfrontDistribution
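Review bot: `ViewerProtocolPolicy: allow-all` in DefaultCacheBehavior serves the site over plain HTTP even though the distribution is given an ACM certificate via `ViewerCertificate`; `ViewerProtocolPolicy: redirect-to-https` is the one-line change that makes the certificate matter. The bucket is also world-readable on its own (`AccessControl: PublicRead` plus the `Principal: '*'` GetObject policy) and the origin uses an empty `OriginAccessIdentity`, so objects can be fetched from the S3 URL directly, bypassing whatever CloudFront enforces; an origin access identity referenced from the origin, with the bucket policy scoped to its canonical user, closes that path (rewrite below). Separately, `WebsiteConfiguration` (ErrorDocument/IndexDocument) applies only to the S3 website endpoint, whereas the origin points at `RegionalDomainName` through `S3OriginConfig`, i.e. the REST endpoint, so `ErrorDocument: resume.html` is never served through CloudFront on a missing key — `CustomErrorResponses` on the distribution is the matching mechanism, and `DefaultRootObject` already covers the index case.
```yaml
Resources:
  # … unchanged: Bucket (AccessControl: PublicRead can be dropped once the OAI policy is in place) …
  OriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub 'OAI for ${SiteName}'
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref Bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: CloudFrontReadGetObject
            Effect: Allow
            Principal:
              CanonicalUser: !GetAtt OriginAccessIdentity.S3CanonicalUserId
            Action: s3:GetObject
            Resource:
              - !Sub ${Bucket.Arn}/*
  # … unchanged: Route53Zone, Route53RecordIPv4, Route53RecordIPv6 …
  CloudfrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        # … unchanged: Aliases, Enabled, HttpVersion, IPV6Enabled, PriceClass, DefaultRootObject, ViewerCertificate …
        Origins:
          - Id: bucket
            DomainName: !GetAtt Bucket.RegionalDomainName
            S3OriginConfig:
              OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${OriginAccessIdentity}
        DefaultCacheBehavior:
          DefaultTTL: 3600
          TargetOriginId: bucket
          ViewerProtocolPolicy: redirect-to-https
          # … unchanged: Compress, ForwardedValues …
```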