mirror of
https://github.com/DOI-DO/j40-cejst-2.git
synced 2025-02-23 01:54:18 -08:00
84 lines
3.1 KiB
YAML
84 lines
3.1 KiB
YAML
Resources:
|
|
|
|
S3DataBucketPolicyCDN:
|
|
Type: AWS::S3::BucketPolicy
|
|
Properties:
|
|
Bucket:
|
|
Ref: DataBucket
|
|
PolicyDocument:
|
|
Statement:
|
|
- Effect: "Allow"
|
|
Action:
|
|
- "s3:GetObject"
|
|
Resource:
|
|
Fn::Join:
|
|
- ""
|
|
- - "arn:aws:s3:::"
|
|
- Ref: DataBucket
|
|
- "/*"
|
|
Principal: "*"
|
|
|
|
# DataBucketCachePolicy:
|
|
# Type: AWS::CloudFront::CachePolicy
|
|
# Properties:
|
|
# CachePolicyConfig:
|
|
# Name: ${self:provider.stage}-${self:service}-cloudfront-cache-policy
|
|
# Comment: CloudFront Cache Policy for justice40 data harvester
|
|
# DefaultTTL: "86400" # one day, only if Origin does _not_ send `Cache-Control` or `Expires` headers
|
|
# MaxTTL: "31536000" # one year, used to validate when origin sends `Cache-Control` or `Expires` headers
|
|
# MinTTL: "1" # one second
|
|
# ParametersInCacheKeyAndForwardedToOrigin:
|
|
# EnableAcceptEncodingGzip: false
|
|
# EnableAcceptEncodingBrotli: false
|
|
# CookiesConfig:
|
|
# CookieBehavior: none
|
|
# HeadersConfig:
|
|
# HeaderBehavior: none
|
|
# QueryStringsConfig:
|
|
# QueryStringBehavior: none
|
|
|
|
# DataDistribution:
|
|
# Type: AWS::CloudFront::Distribution
|
|
# Properties:
|
|
# DistributionConfig:
|
|
# Origins:
|
|
# - Id: DataBucket
|
|
# DomainName:
|
|
# # e.g. j40-sit-justice40-data-harvester-data.s3-website-us-east-1.amazonaws.com
|
|
# Fn::Join:
|
|
# - ""
|
|
# - - ${self:custom.namespaceShort}-
|
|
# - ${self:provider.stage}-
|
|
# - ${self:service}-
|
|
# - data
|
|
# - ".s3-website-"
|
|
# - Ref: AWS::Region
|
|
# - ".amazonaws.com"
|
|
# CustomOriginConfig:
|
|
# HTTPPort: '80'
|
|
# HTTPSPort: '443'
|
|
# OriginProtocolPolicy: http-only
|
|
# OriginSSLProtocols: [ "TLSv1", "TLSv1.1", "TLSv1.2" ]
|
|
# OriginCustomHeaders:
|
|
# - HeaderName: Origin # if the `Origin` header isn't present, S3 won't send CORS headers, this forces CORS to always be included
|
|
# HeaderValue: geoplatform.gov # this doesn't need to be anything specific, since Allow-Origin: * is our CORS policy, it just has to have a value
|
|
|
|
# Enabled: true
|
|
# HttpVersion: http2
|
|
# Comment: CDN for justice40 data bucket
|
|
# Aliases:
|
|
# - ${self:custom.environment.HOSTED_ZONE_SUBDOMAIN}.${self:custom.environment.HOSTED_ZONE_DOMAIN}
|
|
# PriceClass: PriceClass_All
|
|
# DefaultCacheBehavior:
|
|
# AllowedMethods: [HEAD, GET, OPTIONS]
|
|
# CachedMethods: [HEAD, GET]
|
|
# CachePolicyId:
|
|
# Ref: DataBucketCachePolicy
|
|
# MinTTL: '0'
|
|
# DefaultTTL: '0'
|
|
# TargetOriginId: DataBucket
|
|
# ViewerProtocolPolicy: redirect-to-https
|
|
# CustomErrorResponses: []
|
|
# ViewerCertificate:
|
|
# AcmCertificateArn: ${self:custom.environment.CLOUDFRONT_CERTIFICATE_ARN}
|
|
# SslSupportMethod: sni-only
|