next we add dns and cloudfront

We’re going to be using cloudfront to serve the contents of our s3 bucket over ssl… so this is the part that really ties it all together…

first thing we need to do is add an array of domains to our config file. These are the aliases our cloudfront distribution will respond to.

in the config file, add:

cfAliases:
  - serverlessapp.net
  - www.serverlessapp.net

obviously using your own domain name.

now, create a new file in your resources directory called cf_distro.yml and insert the following code:

---
Type: AWS::CloudFront::Distribution
Properties:
  DistributionConfig:
    Origins:
      - DomainName:
          Fn::Join: [
            "", [
              { "Ref": "AppS3Bucket" },
              ".s3.amazonaws.com"
            ]
          ]
        Id:
          Ref: AppS3Bucket
        CustomOriginConfig:
          HTTPPort: 80
          HTTPSPort: 443
          OriginProtocolPolicy: https-only
    Enabled: 'true'
    Aliases: ${file(config.${self:provider.stage}.yml):cfAliases}
    DefaultRootObject: index.html
    CustomErrorResponses:
      - ErrorCode: 404
        ResponseCode: 200
        ResponsePagePath: /index.html
    DefaultCacheBehavior:
      AllowedMethods:
        - GET
        - HEAD
      TargetOriginId:
        Ref: AppS3Bucket
      ForwardedValues:
        QueryString: 'false'
        Cookies:
          Forward: none
      ViewerProtocolPolicy: redirect-to-https
    ViewerCertificate:
      # AcmCertificateArn: ${file(config.${self:provider.stage}.yml):sslCertArn} # use this if using an existing cert
      AcmCertificateArn:
        Ref: StaticSiteCert
      SslSupportMethod: sni-only
DependsOn:
  - AppS3BucketPolicy

— if time allows, add a breakdown of what's going on here —

note: if using a manually created aws ssl cert as mentioned above, you’ll need to swap:

AcmCertificateArn:
  Ref: StaticSiteCert

for

AcmCertificateArn: ${file(config.${self:provider.stage}.yml):sslCertArn}

then add sslCertArn to your config file, with your certificate's arn as the value.

e.g.

sslCertArn: arn:aws:acm:region:000000000000:certificate/0000000e-0e00-000d-ad0c-a0c000000000

otherwise… the reference to our own resource should suffice.

note about cloudfront distribution changes in aws… they take forever to update so we want to do as few updates as possible here. mistakes suck because removing them and rebuilding is a really long wait between tests.

so, hopefully we have everything right on the first try ;)
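
since a bad deploy costs so much waiting, it pays to sanity-check the config values before deploying. the script below is an added example, not part of the original tutorial code: it checks that sslCertArn is a well-formed ACM arn in us-east-1 (the region cloudfront requires for ACM certs) and that every cfAliases entry is covered by a name on the certificate. the function names and the cert_names input (the domain names listed on your certificate) are assumptions, as is treating aliases as plain hostnames without wildcards.

```python
import re

# CloudFront only accepts ACM certificates issued in us-east-1.
CLOUDFRONT_ACM_REGION = "us-east-1"
ARN_RE = re.compile(
    r"^arn:aws:acm:(?P<region>[a-z0-9-]+):(?P<account>\d{12}):certificate/[0-9a-f-]{36}$"
)
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def name_covers(cert_name, alias):
    """True if one certificate name (exact or wildcard) covers the alias."""
    cert_name, alias = cert_name.lower().rstrip("."), alias.lower().rstrip(".")
    if cert_name.startswith("*."):
        # A wildcard matches exactly one left-most label, never the apex.
        head, _, tail = alias.partition(".")
        return bool(head) and tail == cert_name[2:]
    return cert_name == alias


def preflight(aliases, cert_arn, cert_names):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    m = ARN_RE.match(cert_arn)
    if not m:
        problems.append(f"sslCertArn is not a well-formed ACM ARN: {cert_arn}")
    elif m.group("region") != CLOUDFRONT_ACM_REGION:
        problems.append(
            f"certificate is in {m.group('region')}, CloudFront needs {CLOUDFRONT_ACM_REGION}"
        )
    for alias in aliases:
        labels = alias.lower().split(".")
        # Assumption: aliases are plain hostnames (no scheme, path or wildcard).
        if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
            problems.append(f"alias is not a valid hostname: {alias}")
        elif not any(name_covers(n, alias) for n in cert_names):
            problems.append(f"alias not covered by certificate: {alias}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the aliases are the ones from the config above.
    aliases = ["serverlessapp.net", "www.serverlessapp.net"]
    arn = "arn:aws:acm:us-east-1:000000000000:certificate/0000000e-0e00-000d-ad0c-a0c000000000"
    for problem in preflight(aliases, arn, ["*.serverlessapp.net"]) or ["ok"]:
        print(problem)
```

a wildcard-only cert is the classic trap here: *.serverlessapp.net covers www but not the bare domain, so the cert needs both names.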
