serverless.yml

#
# docs.serverless.com
# https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml/
#

service: brickage-service
useDotenv: true
projectDir: ./
frameworkVersion: "2"

provider:
  name: aws
  profile: default
  region: ${env:REGION}
  runtime: nodejs14.x
  lambdaHashingVersion: 20201221
  deploymentBucket:
    blockPublicAccess: true

plugins:
  - serverless-finch
  - serverless-single-page-app-plugin

custom:
  client:
    distributionFolder: ./dist/app
    bucketName: ${env:BUCKET_NAME}
    indexDocument: index.html
    region: ${env:REGION}
    uploadOrder:
      - .*
      - index\.html
    manageResources: true
  s3LocalPath: ${self:custom.client.distributionFolder}/
  s3BucketName: ${self:custom.client.bucketName}

resources:
  Resources:
    WebAppS3Bucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.s3BucketName}
        AccessControl: PublicRead
        WebsiteConfiguration:
          IndexDocument: index.html
          ErrorDocument: index.html
        VersioningConfiguration:
          Status: Enabled

    WebAppS3BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket:
          Ref: WebAppS3Bucket
        PolicyDocument:
          Statement:
            - Sid: "AllowCloudFrontAccessIdentity"
              Effect: Allow
              Action: s3:GetObject
              Resource: arn:aws:s3:::${self:custom.s3BucketName}/*
              Principal:
                AWS:
                  Fn::Join:
                    - " "
                    - - "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity"
                      - !Ref OriginAccessIdentity

    OriginAccessIdentity:
      Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
      Properties:
        CloudFrontOriginAccessIdentityConfig:
          Comment: Access identity between CloudFront and S3 bucket

    WebAppCloudFrontDistribution:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Origins:
            - DomainName: ${self:custom.s3BucketName}.s3.amazonaws.com
              Id: ${env.ORIGIN_ID}
              S3OriginConfig:
                OriginAccessIdentity: !Sub origin-access-identity/cloudfront/${OriginAccessIdentity}
          Enabled: true
          DefaultRootObject: index.html
          CustomErrorResponses:
            - ErrorCode: 404
              ResponseCode: 200
              ResponsePagePath: /index.html
          DefaultCacheBehavior:
            AllowedMethods:
              - DELETE
              - GET
              - HEAD
              - OPTIONS
              - PATCH
              - POST
              - PUT
            CachedMethods:
              - GET
              - HEAD
              - OPTIONS

            ForwardedValues:
              Headers:
                - Access-Control-Request-Headers
                - Access-Control-Request-Method
                - Origin
                - Authorization
              QueryString: "false"
              Cookies:
                Forward: none
            TargetOriginId: ${env.ORIGIN_ID}
            ViewerProtocolPolicy: redirect-to-https
            Compress: true
            DefaultTTL: 0
          ViewerCertificate:
            CloudFrontDefaultCertificate: "true"
  Outputs:
    WebAppS3BucketOutput:
      Value:
        "Ref": WebAppS3Bucket
    WebAppCloudFrontDistributionOutput:
      Value:
        "Fn::GetAtt": [WebAppCloudFrontDistribution, DomainName]