AWSTemplateFormatVersion: '2010-09-09'
Description: Template will deploy an s3 bucket, Route53Zone & SSL certificate to host a static website
Metadata:
  License: magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later

Parameters:
  SiteName:
    Type: String
    Description: Name for the site
    AllowedPattern: '[a-zA-Z0-9-.]{1,63}'
    ConstraintDescription: must be a valid DNS name.
  CertificateARN:
    Type: String

Resources:
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Join [-, !Split [., !Ref SiteName]]
      AccessControl: PublicRead
      WebsiteConfiguration:
        ErrorDocument: resume.html
        IndexDocument: resume.html

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref Bucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: PublicReadGetObject
            Effect: Allow
            Principal: '*'
            Action: s3:GetObject
            Resource:
              - !Sub ${Bucket.Arn}/*

  Route53Zone:
    Type: AWS::Route53::HostedZone
    Properties:
      HostedZoneConfig:
        Comment: !Sub 'hosted zone for ${SiteName}'
      Name: !Ref SiteName

  Route53RecordIPv4:
    Type: AWS::Route53::RecordSet
    Properties:
      AliasTarget:
        DNSName: !GetAtt CloudfrontDistribution.DomainName
        HostedZoneId: Z2FDTNDATAQYW2
      HostedZoneId: !Ref Route53Zone
      Name: !Ref SiteName
      Type: A

  Route53RecordIPv6:
    Type: AWS::Route53::RecordSet
    Properties:
      AliasTarget:
        DNSName: !GetAtt CloudfrontDistribution.DomainName
        HostedZoneId: Z2FDTNDATAQYW2
      HostedZoneId: !Ref Route53Zone
      Name: !Ref SiteName
      Type: AAAA

  CloudfrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref SiteName
        Enabled: true
        HttpVersion: http2
        IPV6Enabled: true
        PriceClass: PriceClass_100
        DefaultRootObject: resume.html
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateARN
          SslSupportMethod: sni-only
        Origins:
          - Id: bucket
            DomainName: !GetAtt Bucket.RegionalDomainName
            S3OriginConfig:
              OriginAccessIdentity: ''
        DefaultCacheBehavior:
          DefaultTTL: 3600
          TargetOriginId: bucket
          ViewerProtocolPolicy: allow-all
          Compress: true
          ForwardedValues:
            QueryString: false

Outputs:
  HostedZoneId:
    Value: !Ref Route53Zone
  HostedZoneRecords:
    Value: !Join [",", !GetAtt Route53Zone.NameServers]
  CloudfrontDistribution:
    Value: !Ref CloudfrontDistribution