284 lines
9.7 KiB
YAML
284 lines
9.7 KiB
YAML
###############################################################################
|
|
### AWS Cloudformation Template
|
|
### InfluxData Documentation Website Hosting and Deployment
|
|
###############################################################################
|
|
AWSTemplateFormatVersion: 2010-09-09
|
|
Description: >
|
|
Cloudformation template to stand up the AWS resources for hosting the
|
|
InfluxData documentation static website created using Hugo. Cloudfront
|
|
distribution is used to cache requests to an S3 bucket configured as a static
|
|
website. A Lambda@Edge function rewrites requests with paths ending in
|
|
index.html and requests to old v1 docs endpoints, which reside in a second
|
|
bucket. Finally, a lambda is used to generate new versions of the docs using
|
|
the GitHub source based on event and webhook triggers.
|
|
|
|
###############################################################################
|
|
Parameters:
|
|
###############################################################################
|
|
|
|
AcmCertificateArn:
|
|
Type: String
|
|
Description: >
|
|
The ARN of the SSL certificate to use for the CloudFront
|
|
distribution.
|
|
|
|
DomainName:
|
|
Type: String
|
|
Description: The docs website domain name.
|
|
Default: dev.docs.influxdata.com
|
|
|
|
###############################################################################
|
|
Outputs:
|
|
###############################################################################
|
|
|
|
DocsProdBucketArn:
|
|
Description: The ARN of the S3 bucket hosting the static content.
|
|
Value: !GetAtt DocsV2Bucket.Arn
|
|
|
|
DocsCircleCIDeployAccessKeyId:
|
|
Description: The access key ID for CircleCI deployment to S3.
|
|
Value: !Ref DocsCircleCIDeployAccessKey
|
|
|
|
DocsCircleCIDeploySecretAccessKey:
|
|
Description: The secret access key for CircleCI deployment to S3.
|
|
Value: !GetAtt DocsCircleCIDeployAccessKey.SecretAccessKey
|
|
|
|
###############################################################################
|
|
Resources:
|
|
###############################################################################
|
|
|
|
DocsCloudFrontDistribution:
|
|
Type: AWS::CloudFront::Distribution
|
|
Description: The CDN for both V1 and V2 docs.
|
|
Properties:
|
|
DistributionConfig:
|
|
Aliases:
|
|
- !Ref DomainName
|
|
DefaultCacheBehavior:
|
|
Compress: true
|
|
ForwardedValues:
|
|
QueryString: false
|
|
TargetOriginId: !Ref DocsV2Bucket
|
|
ViewerProtocolPolicy: redirect-to-https
|
|
LambdaFunctionAssociations:
|
|
- EventType: origin-request
|
|
LambdaFunctionARN: !Ref DocsOriginRequestRewriteLambdaVersion
|
|
DefaultRootObject: index.html
|
|
CustomErrorResponses:
|
|
- ErrorCachingMinTTL: 300
|
|
ErrorCode: 403
|
|
ResponseCode: 404
|
|
ResponsePagePath: /404.html
|
|
Enabled: true
|
|
HttpVersion: http2
|
|
Origins:
|
|
- DomainName:
|
|
!Sub "${DocsV2Bucket}.s3.amazonaws.com"
|
|
Id: !Ref DocsV2Bucket
|
|
S3OriginConfig:
|
|
OriginAccessIdentity:
|
|
!Sub "origin-access-identity/cloudfront/${DocsCloudFrontOriginAccessIdentity}"
|
|
- DomainName:
|
|
!Sub "${DocsV1Bucket}.s3.amazonaws.com"
|
|
Id: !Ref DocsV1Bucket
|
|
S3OriginConfig:
|
|
OriginAccessIdentity:
|
|
!Sub "origin-access-identity/cloudfront/${DocsCloudFrontOriginAccessIdentity}"
|
|
PriceClass: PriceClass_100
|
|
ViewerCertificate:
|
|
AcmCertificateArn: !Ref AcmCertificateArn
|
|
MinimumProtocolVersion: TLSv1.1_2016
|
|
SslSupportMethod: sni-only
|
|
Tags:
|
|
- Key: Domain
|
|
Value: !Ref DomainName
|
|
|
|
DocsCloudFrontOriginAccessIdentity:
|
|
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
|
|
Properties:
|
|
CloudFrontOriginAccessIdentityConfig:
|
|
Comment: !Sub 'CloudFront Origin Access Identity for ${DomainName}'
|
|
|
|
DocsV2Bucket:
|
|
Type: AWS::S3::Bucket
|
|
Properties:
|
|
BucketEncryption:
|
|
ServerSideEncryptionConfiguration:
|
|
-
|
|
ServerSideEncryptionByDefault:
|
|
SSEAlgorithm: AES256
|
|
Tags:
|
|
- Key: Domain
|
|
Value: !Ref DomainName
|
|
|
|
DocsV2BucketPolicy:
|
|
Type: AWS::S3::BucketPolicy
|
|
Properties:
|
|
Bucket: !Ref DocsV2Bucket
|
|
PolicyDocument:
|
|
Statement:
|
|
-
|
|
Effect: Allow
|
|
Action:
|
|
- s3:GetObject
|
|
Resource: !Sub "arn:aws:s3:::${DocsV2Bucket}/*"
|
|
Principal:
|
|
CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId
|
|
|
|
DocsV1Bucket:
|
|
Type: AWS::S3::Bucket
|
|
Properties:
|
|
BucketEncryption:
|
|
ServerSideEncryptionConfiguration:
|
|
-
|
|
ServerSideEncryptionByDefault:
|
|
SSEAlgorithm: AES256
|
|
Tags:
|
|
- Key: Domain
|
|
Value: !Ref DomainName
|
|
|
|
DocsV1BucketPolicy:
|
|
Type: AWS::S3::BucketPolicy
|
|
Properties:
|
|
Bucket: !Ref DocsV1Bucket
|
|
PolicyDocument:
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
- s3:GetObject
|
|
Resource: !Sub "arn:aws:s3:::${DocsV1Bucket}/*"
|
|
Principal:
|
|
CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId
|
|
|
|
DocsOriginRequestRewriteLambda:
|
|
Type: AWS::Lambda::Function
|
|
Properties:
|
|
Description: Lambda function performing request URI rewriting.
|
|
Code:
|
|
ZipFile: |
|
|
'use strict';
|
|
|
|
exports.handler = (event, context, callback) => {
|
|
const { request } = event.Records[0].cf;
|
|
const { uri, headers, origin } = request;
|
|
const extension = uri.substr(uri.lastIndexOf('.') + 1);
|
|
|
|
const validExtensions = ['.html', '.css', '.js', '.xml', '.png', '.jpg', '.svg', '.json', '.csv', '.rb', '.otf', '.eot', '.ttf', '.woff'];
|
|
const indexPath = 'index.html';
|
|
const defaultPath = '/v2.0/'
|
|
|
|
// If path ends with '/', then append 'index.html', otherwise redirect to a
|
|
// path with '/' or ignore if the path ends with a valid file extension.
|
|
if ((uri == '/') || (uri.length < defaultPath.length)) {
|
|
callback(null, {
|
|
status: '302',
|
|
statusDescription: 'Found',
|
|
headers: {
|
|
location: [{
|
|
key: 'Location',
|
|
value: defaultPath,
|
|
}],
|
|
}
|
|
});
|
|
} else if (uri.endsWith('/')) {
|
|
request.uri = uri + indexPath;
|
|
} else if (uri.endsWith('/index.html')) {
|
|
callback(null, {
|
|
status: '302',
|
|
statusDescription: 'Found',
|
|
headers: {
|
|
location: [{
|
|
key: 'Location',
|
|
value: uri.substr(0, uri.length - indexPath.length),
|
|
}],
|
|
}
|
|
});
|
|
} else if (validExtensions.filter((ext) => uri.endsWith(ext)) == 0) {
|
|
callback(null, {
|
|
status: '302',
|
|
statusDescription: 'Found',
|
|
headers: {
|
|
location: [{
|
|
key: 'Location',
|
|
value: uri + '/',
|
|
}],
|
|
}
|
|
});
|
|
}
|
|
|
|
const pathsV1 = ['/influxdb', '/telegraf', '/chronograf', '/kapacitor', '/enterprise_influxdb', '/enterprise_kapacitor'];
|
|
const originV1 = process.env.ORIGIN_V1;
|
|
|
|
// Send to v1 origin if start of path matches
|
|
if (pathsV1.filter((path) => uri.startsWith(path)) > 0) {
|
|
headers['host'] = [{key: 'host', value: originV1}];
|
|
origin.s3.domainName = originV1;
|
|
}
|
|
|
|
// If nothing matches, return request unchanged
|
|
callback(null, request);
|
|
};
|
|
|
|
Handler: index.handler
|
|
MemorySize: 128
|
|
Role: !Sub ${DocsOriginRequestRewriteLambdaRole.Arn}
|
|
Runtime: nodejs8.10
|
|
Tags:
|
|
- Key: Domain
|
|
Value: !Ref DomainName
|
|
|
|
DocsOriginRequestRewriteLambdaVersion:
|
|
Type: AWS::Lambda::Version
|
|
Properties:
|
|
FunctionName: !Ref DocsOriginRequestRewriteLambda
|
|
Description: !Sub "URL rewriting for ${DomainName}"
|
|
|
|
DocsOriginRequestRewriteLambdaRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
AssumeRolePolicyDocument:
|
|
Version: 2012-10-17
|
|
Statement:
|
|
- Effect: Allow
|
|
Action: sts:AssumeRole
|
|
Principal:
|
|
Service:
|
|
- edgelambda.amazonaws.com
|
|
- lambda.amazonaws.com
|
|
ManagedPolicyArns:
|
|
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
|
|
|
|
DocsCircleCIDeployUser:
|
|
Type: AWS::IAM::User
|
|
Properties:
|
|
Policies:
|
|
- PolicyName: giveaccesstoupdatedocsbuckets
|
|
PolicyDocument:
|
|
Version: 2012-10-17
|
|
Statement:
|
|
- Effect: Allow
|
|
Action:
|
|
- s3:ListBucket
|
|
- s3:GetBucketLocation
|
|
Resource:
|
|
- !Sub "arn:aws:s3:::${DocsV2Bucket}"
|
|
- !Sub "arn:aws:s3:::${DocsV1Bucket}"
|
|
- Effect: Allow
|
|
Action:
|
|
- s3:PutObject
|
|
- s3:PutObjectAcl
|
|
- s3:DeleteObject
|
|
Resource:
|
|
- !Sub "arn:aws:s3:::${DocsV2Bucket}/*"
|
|
- !Sub "arn:aws:s3:::${DocsV1Bucket}/*"
|
|
- Effect: Allow
|
|
Action:
|
|
- cloudfront:GetDistribution
|
|
- cloudfront:CreateInvalidation
|
|
Resource: "*"
|
|
|
|
DocsCircleCIDeployAccessKey:
|
|
Type: AWS::IAM::AccessKey
|
|
Properties:
|
|
UserName: !Ref DocsCircleCIDeployUser
|