Cloud Architecture

This approach defines the static website using two separate CloudFormation stacks:

  • A storage stack, which contains the S3 bucket that holds the content of your website, and related policies; this can be deployed to any region
  • A distribution stack, which contains the CloudFront distribution, Lambda@Edge functions, SSL certificate and related resources; this is always deployed to us-east-1

Storage stack

Resources

  • S3 bucket, where your website content is uploaded
  • Origin Access Identity (OAI) in CloudFront
  • S3 bucket policy that gives the OAI permission to read from the bucket

Parameters

  • Service is the service name of the website, used as the base name of all resources
  • Stage is used as a suffix to differentiate between environments

Outputs

  • BucketName, the name of the bucket
  • BucketDomainName, the (regional) domain name of the bucket
  • OriginAccessIdentity, the name of the OAI
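
The storage stack described above can be sketched as a CloudFormation template. This is an added example, not the project's own template: the logical resource names, the bucket naming scheme and the public access block are assumptions; the parameters and outputs follow the lists above.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Storage stack sketch (added example, not the project's template)

Parameters:
  Service:
    Type: String
  Stage:
    Type: String

Resources:
  ContentBucket:                       # logical name is an assumption
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub '${Service}-${Stage}-content'   # naming scheme is an assumption
      # Assumption: nothing is served directly from S3, so all public access is blocked.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  OriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: !Sub '${Service}-${Stage}'

  ContentBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ContentBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Read-only grant to the OAI: object reads only, no listing, no writes.
          - Effect: Allow
            Principal:
              CanonicalUser: !GetAtt OriginAccessIdentity.S3CanonicalUserId
            Action: s3:GetObject
            Resource: !Sub '${ContentBucket.Arn}/*'

Outputs:
  BucketName:
    Value: !Ref ContentBucket
  BucketDomainName:
    Value: !GetAtt ContentBucket.RegionalDomainName
  OriginAccessIdentity:
    Value: !Ref OriginAccessIdentity   # Ref returns the OAI ID
```

Because the only principal in the bucket policy is the OAI, objects are readable through the CloudFront distribution but not through the bucket's own S3 endpoint.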

Distribution stack

Transform

This template uses the AWS::Serverless transform, so that we can make use of the AWS::Serverless::Function resource type.

Resources

  • CloudFront distribution
  • SSL certificate that covers the root domain and the www domain using subject alternative names
  • Route53 record sets (up to 4)
  • Lambda@Edge functions (up to 2)
  • IAM role to run the Lambda functions
  • A bucket for CloudFront logging

Parameters

  • Service is the service name of the website, used as the base name of all resources
  • Stage is used as a suffix to differentiate between environments
  • DomainName is the root domain name to use for the website
  • Subdomain is the child domain to create under the root domain name, www by default
  • DomainRedirectMode instructs the template how to configure domain name redirects (see below)
  • CertificateValidationMethod can be either DNS (the default) or EMAIL to trigger one of ACM's validation options
  • IndexDocument specifies the filename of objects to serve as directory-level index files, index.html by default
  • Route53HostedZoneId must be determined manually and passed in
  • OriginBucketDomainName is the domain name of the bucket created in the storage stack and output as BucketDomainName
  • OriginAccessIdentity is the value output from the storage stack as OriginAccessIdentity to grant access to the origin bucket

If you use the npm command wrapper scripts, the last two parameters are retrieved automatically from the corresponding deployed storage stack.

For more information about these parameters and how to use them, see Configuration.

Outputs

  • DistributionDomainName is the native CloudFront distribution DNS name; you will need this if you are hosting DNS outside of Route53
  • LogsBucketName is the name of the bucket to which CloudFront access logs are written