s3-static-website.yaml
---

S3 Static Website CloudFormation Deployment

This CloudFormation template will deploy an S3 bucket configured to host static web content, as well as an IAM user with access to the bucket.

AWSTemplateFormatVersion: '2010-09-09'
Description: Static S3 Website

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

Parameters:
  SiteName:
    Type: String
    Description: The DNS name of the website (no spaces). This will be the bucket name also.
    AllowedPattern: "(?!-)[a-zA-Z0-9-.]{1,63}(?<!-)"
    ConstraintDescription: Must be a valid character in a DNS name.
  IndexURL:
    Type: String
    Default: index.html
  ErrorURL:
    Type: String
    Default: error.html

Tags

The following tags are applied to all resources created by this template.

  ServiceTag:
    Type: String
    Description: Exact name of the Service as defined in the service catalog.
  EnvironmentTag:
    Type: String
    Description: Used to distinguish between development, test, production, etc. environment types.
    AllowedValues: [dev, tst, prd, trn, stg, cfg, sup, rpt]
    Default: dev
  ContactNetidTag:
    Type: String
    Description: Used to identify the netid of the person most familiar with the usage of the resource.
  AccountNumberTag:
    Type: String
    Description: Identifies the financial system account number.
  SubAccountTag:
    Type: String
    Description: Identifies the financial system sub-account.
  TicketNumberTag:
    Type: String
    Description: Used to identify the Jira, Cherwell, or other ticketing system ticket number to link to more information about the need for the resource.

Metadata

Metadata is mostly for organizing and presenting Parameters in a better way when using CloudFormation in the AWS Web UI.

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Website Configuration
        Parameters:
          - SiteName
      - Label:
          default: Tagging and Cost Management
        Parameters:
          - ServiceTag
          - EnvironmentTag
          - ContactNetidTag
          - AccountNumberTag
          - TicketNumberTag
    ParameterLabels:
      ServiceTag:
        default: "Service Name:"
      EnvironmentTag:
        default: 'Environment Type:'
      ContactNetidTag:
        default: 'Technical Contact NetID:'
      AccountNumberTag:
        default: 'Financial Account Number:'
      TicketNumberTag:
        default: 'Ticket Number:'
Resources:
  S3WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref SiteName
      # The PublicRead canned ACL gives everyone READ on the bucket, which
      # includes listing its objects. Object reads are granted separately by
      # the bucket policy further down.
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: !Ref IndexURL
        ErrorDocument: !Ref ErrorURL
      Tags:
        - Key: "Name"
          Value: !Ref SiteName
        - Key: service
          Value: !Ref ServiceTag
        - Key: environment
          Value: !Ref EnvironmentTag
        - Key: contactnetid
          Value: !Ref ContactNetidTag
        - Key: accountnumber
          Value: !Ref AccountNumberTag
        - Key: subaccount
          Value: !Ref SubAccountTag
        - Key: ticketnumber
          Value: !Ref TicketNumberTag

S3 Bucket Policy

Sets the required policy on the S3 bucket to allow web hosting.

  S3BucketPublicPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: S3WebsiteBucket
      PolicyDocument:
        Statement:
          - Action:
              - s3:GetObject
            Effect: Allow
            Resource: !Sub "arn:aws:s3:::${S3WebsiteBucket}/*"
            Principal: "*"

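S3 Bucket User

Creates an IAM user for managing the site content. Its inline policy allows all S3 actions on the bucket specified, plus s3:List* on all resources, which lets the user list other buckets in the account as well.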

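  S3BucketUser:
    Type: AWS::IAM::User
    Properties:
      Path: "/"
      Policies:
        - PolicyName: s3BucketAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:List*
                Resource:
                  - "*"
              - Effect: Allow
                Action:
                  - s3:*
                # Name the bucket and its objects explicitly. A trailing "*" on
                # the bucket ARN would also match any other bucket whose name
                # starts with the site name.
                Resource:
                  - !Sub "arn:aws:s3:::${S3WebsiteBucket}"
                  - !Sub "arn:aws:s3:::${S3WebsiteBucket}/*"
Outputs:
  WebsiteURL:
    Value: !Sub "http://${S3WebsiteBucket}/"
  BucketName:
    Value: !Ref S3WebsiteBucket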
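
IAM treats `*` in a Resource ARN as matching any run of characters, so a bucket ARN that ends in `*` and the explicit bucket-plus-`/*` pair reach different sets of buckets. The following is an added example, not part of the original template: it uses a simplified model of IAM wildcard matching, and the site name and candidate ARNs are constructed.

```python
import re

def arn_matches(pattern: str, arn: str) -> bool:
    """Simplified model of IAM Resource matching for the resource part of an
    ARN: '*' matches any run of characters (including '/'), '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, arn, flags=re.DOTALL) is not None

def reachable(patterns, arns):
    """ARNs covered by at least one Resource pattern."""
    return [a for a in arns if any(arn_matches(p, a) for p in patterns)]

def out_of_scope(patterns, arns, bucket):
    """Covered ARNs that are neither the site bucket nor an object inside it."""
    own = f"arn:aws:s3:::{bucket}"
    return [a for a in reachable(patterns, arns)
            if a != own and not a.startswith(own + "/")]

SITE = "www.example.com"  # constructed site/bucket name

# Constructed ARNs: the site bucket, two of its objects, two buckets that share
# its name as a prefix, and one unrelated bucket.
CANDIDATES = [
    f"arn:aws:s3:::{SITE}",
    f"arn:aws:s3:::{SITE}/index.html",
    f"arn:aws:s3:::{SITE}/assets/app.js",
    f"arn:aws:s3:::{SITE}-backups",
    f"arn:aws:s3:::{SITE}.internal/payroll.csv",
    "arn:aws:s3:::unrelated-bucket/file.txt",
]

TRAILING_WILDCARD = [f"arn:aws:s3:::{SITE}*"]
EXPLICIT_PAIR = [f"arn:aws:s3:::{SITE}", f"arn:aws:s3:::{SITE}/*"]

if __name__ == "__main__":
    for name, pats in (("trailing wildcard", TRAILING_WILDCARD),
                       ("explicit pair", EXPLICIT_PAIR)):
        print(f"{name}: out of scope -> {out_of_scope(pats, CANDIDATES, SITE)}")
```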