2019-01-17 21:59:44 +00:00
|
|
|
###############################################################################
|
|
|
|
|
### AWS Cloudformation Template
|
|
|
|
|
### InfluxData Documentation Website Hosting and Deployment
|
|
|
|
|
###############################################################################
|
|
|
|
|
AWSTemplateFormatVersion: 2010-09-09
|
|
|
|
|
Description: >
|
|
|
|
|
Cloudformation template to stand up the AWS resources for hosting the
|
|
|
|
|
InfluxData documentation static website created using Hugo. Cloudfront
|
|
|
|
|
distribution is used to cache requests to an S3 bucket configured as a static
|
|
|
|
|
website. A Lambda@Edge function rewrites requests with paths ending in
|
|
|
|
|
index.html and requests to old v1 docs endpoints, which reside in a second
|
|
|
|
|
bucket. Finally, a lambda is used to generate new versions of the docs using
|
|
|
|
|
the GitHub source based on event and webhook triggers.
|
2019-01-17 23:08:48 +00:00
|
|
|
|
2019-01-17 21:59:44 +00:00
|
|
|
###############################################################################
|
|
|
|
|
Parameters:
|
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
|
|
AcmCertificateArn:
|
|
|
|
|
Type: String
|
|
|
|
|
Description: >
|
2019-01-19 06:24:10 +00:00
|
|
|
The ARN of the SSL certificate to use for the CloudFront
|
|
|
|
|
distribution.
|
2019-01-17 21:59:44 +00:00
|
|
|
|
|
|
|
|
DomainName:
|
|
|
|
|
Type: String
|
2019-01-19 06:24:10 +00:00
|
|
|
Description: The docs website domain name.
|
2020-09-02 23:48:46 +00:00
|
|
|
Default: docs.influxdata.com
|
2019-01-17 21:59:44 +00:00
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
Outputs:
|
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
|
|
DocsProdBucketArn:
|
|
|
|
|
Description: The ARN of the S3 bucket hosting the static content.
|
2020-08-27 05:19:33 +00:00
|
|
|
Value: !GetAtt DocsBucket.Arn
|
2019-01-19 06:24:10 +00:00
|
|
|
|
|
|
|
|
DocsCircleCIDeployAccessKeyId:
|
|
|
|
|
Description: The access key ID for CircleCI deployment to S3.
|
|
|
|
|
Value: !Ref DocsCircleCIDeployAccessKey
|
|
|
|
|
|
|
|
|
|
DocsCircleCIDeploySecretAccessKey:
|
|
|
|
|
Description: The secret access key for CircleCI deployment to S3.
|
|
|
|
|
Value: !GetAtt DocsCircleCIDeployAccessKey.SecretAccessKey
|
2019-01-17 21:59:44 +00:00
|
|
|
|
|
|
|
|
###############################################################################
|
|
|
|
|
Resources:
|
|
|
|
|
###############################################################################
|
|
|
|
|
|
|
|
|
|
DocsCloudFrontDistribution:
|
|
|
|
|
Type: AWS::CloudFront::Distribution
|
|
|
|
|
Properties:
|
|
|
|
|
DistributionConfig:
|
|
|
|
|
Aliases:
|
|
|
|
|
- !Ref DomainName
|
|
|
|
|
DefaultCacheBehavior:
|
2020-08-27 05:19:33 +00:00
|
|
|
TargetOriginId: !Ref DocsBucket
|
|
|
|
|
ViewerProtocolPolicy: redirect-to-https
|
|
|
|
|
DefaultTTL: 2592000
|
2019-01-17 21:59:44 +00:00
|
|
|
Compress: true
|
|
|
|
|
ForwardedValues:
|
|
|
|
|
QueryString: false
|
|
|
|
|
LambdaFunctionAssociations:
|
|
|
|
|
- EventType: origin-request
|
|
|
|
|
LambdaFunctionARN: !Ref DocsOriginRequestRewriteLambdaVersion
|
2020-08-27 05:19:33 +00:00
|
|
|
DefaultRootObject: '/'
|
2019-01-17 21:59:44 +00:00
|
|
|
CustomErrorResponses:
|
|
|
|
|
- ErrorCachingMinTTL: 300
|
|
|
|
|
ErrorCode: 403
|
|
|
|
|
ResponseCode: 404
|
|
|
|
|
ResponsePagePath: /404.html
|
|
|
|
|
Enabled: true
|
|
|
|
|
HttpVersion: http2
|
|
|
|
|
Origins:
|
2020-08-27 05:19:33 +00:00
|
|
|
- Id: !Ref DocsBucket
|
|
|
|
|
DomainName: !Join [ "", [ !Ref DocsBucket, ".s3.amazonaws.com" ] ]
|
2019-01-17 21:59:44 +00:00
|
|
|
S3OriginConfig:
|
|
|
|
|
OriginAccessIdentity:
|
2019-01-19 06:24:10 +00:00
|
|
|
!Sub "origin-access-identity/cloudfront/${DocsCloudFrontOriginAccessIdentity}"
|
2019-01-18 23:12:01 +00:00
|
|
|
PriceClass: PriceClass_100
|
2019-01-17 21:59:44 +00:00
|
|
|
ViewerCertificate:
|
|
|
|
|
AcmCertificateArn: !Ref AcmCertificateArn
|
|
|
|
|
MinimumProtocolVersion: TLSv1.1_2016
|
|
|
|
|
SslSupportMethod: sni-only
|
|
|
|
|
Tags:
|
|
|
|
|
- Key: Domain
|
|
|
|
|
Value: !Ref DomainName
|
|
|
|
|
|
|
|
|
|
DocsCloudFrontOriginAccessIdentity:
|
|
|
|
|
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
|
|
|
|
|
Properties:
|
|
|
|
|
CloudFrontOriginAccessIdentityConfig:
|
|
|
|
|
Comment: !Sub 'CloudFront Origin Access Identity for ${DomainName}'
|
|
|
|
|
|
2020-08-27 05:19:33 +00:00
|
|
|
DocsBucket:
|
2019-01-17 23:08:48 +00:00
|
|
|
Type: AWS::S3::Bucket
|
|
|
|
|
Properties:
|
|
|
|
|
BucketEncryption:
|
|
|
|
|
ServerSideEncryptionConfiguration:
|
|
|
|
|
-
|
|
|
|
|
ServerSideEncryptionByDefault:
|
|
|
|
|
SSEAlgorithm: AES256
|
|
|
|
|
Tags:
|
|
|
|
|
- Key: Domain
|
|
|
|
|
Value: !Ref DomainName
|
|
|
|
|
|
2020-08-27 05:19:33 +00:00
|
|
|
DocsBucketPolicy:
|
2019-01-17 23:08:48 +00:00
|
|
|
Type: AWS::S3::BucketPolicy
|
|
|
|
|
Properties:
|
2020-08-27 05:19:33 +00:00
|
|
|
Bucket: !Ref DocsBucket
|
2019-01-17 23:08:48 +00:00
|
|
|
PolicyDocument:
|
|
|
|
|
Statement:
|
|
|
|
|
-
|
2019-01-19 07:23:20 +00:00
|
|
|
Effect: Allow
|
2019-01-17 23:08:48 +00:00
|
|
|
Action:
|
|
|
|
|
- s3:GetObject
|
2020-08-27 05:19:33 +00:00
|
|
|
Resource: !Sub "arn:aws:s3:::${DocsBucket}/*"
|
2019-01-17 21:59:44 +00:00
|
|
|
Principal:
|
|
|
|
|
CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId
|
|
|
|
|
|
|
|
|
|
DocsOriginRequestRewriteLambda:
|
|
|
|
|
Type: AWS::Lambda::Function
|
|
|
|
|
Properties:
|
2019-01-19 06:24:10 +00:00
|
|
|
Description: Lambda function performing request URI rewriting.
|
2019-01-17 21:59:44 +00:00
|
|
|
Code:
|
|
|
|
|
ZipFile: |
|
2019-06-25 15:07:48 +00:00
|
|
|
'use strict';
|
2019-01-18 20:17:30 +00:00
|
|
|
|
2020-09-02 20:18:46 +00:00
|
|
|
// This is a a placeholder lambda function. Use the AWS Lambda console
|
|
|
|
|
// to add/update the contents of deploy/edge.js to the actual Lambda
|
|
|
|
|
// function and deploy it to Lambda@Edge
|
2019-06-25 15:07:48 +00:00
|
|
|
|
2020-09-02 20:18:46 +00:00
|
|
|
const { request } = event.Records[0].cf;
|
2020-08-27 05:19:33 +00:00
|
|
|
|
|
|
|
|
exports.handler = (event, context, callback) => {
|
2019-01-18 20:17:30 +00:00
|
|
|
callback(null, request);
|
2019-01-17 21:59:44 +00:00
|
|
|
};
|
2019-06-25 15:07:48 +00:00
|
|
|
|
2019-01-17 21:59:44 +00:00
|
|
|
Handler: index.handler
|
|
|
|
|
MemorySize: 128
|
|
|
|
|
Role: !Sub ${DocsOriginRequestRewriteLambdaRole.Arn}
|
2020-08-27 05:19:33 +00:00
|
|
|
Runtime: nodejs12.x
|
2019-01-17 21:59:44 +00:00
|
|
|
Tags:
|
|
|
|
|
- Key: Domain
|
|
|
|
|
Value: !Ref DomainName
|
|
|
|
|
|
|
|
|
|
DocsOriginRequestRewriteLambdaVersion:
|
|
|
|
|
Type: AWS::Lambda::Version
|
|
|
|
|
Properties:
|
|
|
|
|
FunctionName: !Ref DocsOriginRequestRewriteLambda
|
|
|
|
|
Description: !Sub "URL rewriting for ${DomainName}"
|
|
|
|
|
|
|
|
|
|
DocsOriginRequestRewriteLambdaRole:
|
|
|
|
|
Type: AWS::IAM::Role
|
|
|
|
|
Properties:
|
|
|
|
|
AssumeRolePolicyDocument:
|
|
|
|
|
Version: 2012-10-17
|
|
|
|
|
Statement:
|
|
|
|
|
- Effect: Allow
|
2019-01-19 07:23:20 +00:00
|
|
|
Action: sts:AssumeRole
|
2019-01-17 21:59:44 +00:00
|
|
|
Principal:
|
|
|
|
|
Service:
|
|
|
|
|
- edgelambda.amazonaws.com
|
|
|
|
|
- lambda.amazonaws.com
|
|
|
|
|
ManagedPolicyArns:
|
2019-01-17 23:08:48 +00:00
|
|
|
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
|
2019-01-19 06:24:10 +00:00
|
|
|
|
|
|
|
|
DocsCircleCIDeployUser:
|
|
|
|
|
Type: AWS::IAM::User
|
|
|
|
|
Properties:
|
|
|
|
|
Policies:
|
2019-01-19 07:23:20 +00:00
|
|
|
- PolicyName: giveaccesstoupdatedocsbuckets
|
2019-01-25 17:54:53 +00:00
|
|
|
PolicyDocument:
|
2019-01-19 07:23:20 +00:00
|
|
|
Version: 2012-10-17
|
|
|
|
|
Statement:
|
|
|
|
|
- Effect: Allow
|
|
|
|
|
Action:
|
|
|
|
|
- s3:ListBucket
|
|
|
|
|
- s3:GetBucketLocation
|
|
|
|
|
Resource:
|
2020-08-27 05:19:33 +00:00
|
|
|
- !Sub "arn:aws:s3:::${DocsBucket}"
|
2019-01-19 07:23:20 +00:00
|
|
|
- Effect: Allow
|
|
|
|
|
Action:
|
|
|
|
|
- s3:PutObject
|
|
|
|
|
- s3:PutObjectAcl
|
|
|
|
|
- s3:DeleteObject
|
|
|
|
|
Resource:
|
2020-08-27 05:19:33 +00:00
|
|
|
- !Sub "arn:aws:s3:::${DocsBucket}/*"
|
2019-01-19 07:23:20 +00:00
|
|
|
- Effect: Allow
|
|
|
|
|
Action:
|
|
|
|
|
- cloudfront:GetDistribution
|
|
|
|
|
- cloudfront:CreateInvalidation
|
2019-01-25 17:54:53 +00:00
|
|
|
Resource: "*"
|
2019-01-19 06:24:10 +00:00
|
|
|
|
|
|
|
|
DocsCircleCIDeployAccessKey:
|
|
|
|
|
Type: AWS::IAM::AccessKey
|
|
|
|
|
Properties:
|
|
|
|
|
UserName: !Ref DocsCircleCIDeployUser
|
