S3StaticWebsiteCustomDomain.yml
Parameters:
  # Apex domain of the site. The template reuses this single value as the
  # root bucket name, as the Route 53 hosted zone name (with a trailing dot),
  # and as the base of the www and log bucket names.
  RootDomainName:
    Type: String
    Description: subatomictheory.com
Mappings:
  # Per-region values for the S3 static-website endpoint:
  #   S3hostedzoneID  - hosted zone ID used as the Route 53 alias target
  #   websiteendpoint - host name of the regional website endpoint
  # Only the regions listed here can host the stack; !FindInMap has no entry
  # for any other region and the deployment fails there.
  # NOTE(review): these IDs are copied by hand; confirm them against the
  # current AWS table of S3 website endpoints before relying on them.
  RegionMap:
    us-east-1:
      S3hostedzoneID: Z3AQBSTGFYJSTF
      websiteendpoint: s3-website-us-east-1.amazonaws.com
    us-west-1:
      S3hostedzoneID: Z2F56UZL2M1ACD
      websiteendpoint: s3-website-us-west-1.amazonaws.com
    us-west-2:
      S3hostedzoneID: Z3BJ6K6RIION7M
      websiteendpoint: s3-website-us-west-2.amazonaws.com
    eu-west-1:
      S3hostedzoneID: Z1BKCTXD74EZPE
      websiteendpoint: s3-website-eu-west-1.amazonaws.com
    ap-southeast-1:
      S3hostedzoneID: Z3O0J2DXBE1FTB
      websiteendpoint: s3-website-ap-southeast-1.amazonaws.com
    ap-southeast-2:
      S3hostedzoneID: Z1WCIGYICN2BYD
      websiteendpoint: s3-website-ap-southeast-2.amazonaws.com
    ap-northeast-1:
      S3hostedzoneID: Z2M4EHUR26P7ZW
      websiteendpoint: s3-website-ap-northeast-1.amazonaws.com
    sa-east-1:
      S3hostedzoneID: Z31GFT0UA1I2HV
      websiteendpoint: s3-website-sa-east-1.amazonaws.com
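Resources:
  # Website bucket for the apex domain. Its objects are world-readable by
  # design; that grant lives in SubatomictheoryBucketPolicy and nowhere else.
  SubatomictheoryRootBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketName: !Ref RootDomainName
      # No public canned ACL is set here. `AccessControl: PublicRead` would
      # give anonymous users READ on the bucket itself (listing of keys and
      # object versions), which a static website does not need. Public ACLs
      # are blocked and ignored; only the bucket policy may grant public
      # access, so BlockPublicPolicy/RestrictPublicBuckets must stay false.
      # Side effect: without anonymous list access, a request for a missing
      # key is answered with 403 instead of 404.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: false
        RestrictPublicBuckets: false
      LoggingConfiguration:
        DestinationBucketName: !Ref SubatomictheoryLogBucket
        LogFilePrefix: rootbucketaccess-logs
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html

  # Redirect-only bucket for www.<domain>. It stores no content, so all
  # public access is blocked; the website endpoint answers every request
  # with a redirect to the root bucket's host name.
  SubatomictheoryWWWBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub
        - www.${Domain}
        - Domain: !Ref RootDomainName
      AccessControl: BucketOwnerFullControl
      PublicAccessBlockConfiguration:
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
        BlockPublicAcls: true
        IgnorePublicAcls: true
      LoggingConfiguration:
        DestinationBucketName: !Ref SubatomictheoryLogBucket
        LogFilePrefix: wwwbucketaccess-logs
      WebsiteConfiguration:
        RedirectAllRequestsTo:
          # The root bucket's name is the apex domain, so !Ref yields the
          # host name to redirect to.
          HostName: !Ref SubatomictheoryRootBucket

  # Destination for the server access logs of both website buckets.
  SubatomictheoryLogBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      # NOTE(review): LogDeliveryWrite is a legacy ACL-based grant. On
      # buckets created with ACLs disabled it needs OwnershipControls, or it
      # can be replaced by a bucket policy for the logging.s3.amazonaws.com
      # service principal - confirm against the account's defaults.
      AccessControl: LogDeliveryWrite
      PublicAccessBlockConfiguration:
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
        BlockPublicAcls: true
        IgnorePublicAcls: true
      BucketName: !Join
        - '.'
        - ['www', !Ref RootDomainName, 'logs']
      LifecycleConfiguration:
        Rules:
          # NOTE(review): ExpirationInDays: 1 deletes access logs one day
          # after delivery, which leaves almost nothing for incident review.
          # The rule Id refers to noncurrent versions, but this bucket does
          # not enable versioning, so the noncurrent setting looks inert
          # here. Confirm the intended retention and the intended bucket.
          - Id: PermanentlyDeleteNoncurrentVersionsRule
            Status: Enabled
            ExpirationInDays: 1
            NoncurrentVersionExpirationInDays: 1

  # The only public grant in the stack: anonymous s3:GetObject on objects in
  # the root bucket. It does not grant listing or access to old versions.
  SubatomictheoryBucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref SubatomictheoryRootBucket
      PolicyDocument:
        Id: SubatomictheoryPolicy
        # Quoted so a YAML parser keeps it a string instead of a date.
        Version: '2012-10-17'
        Statement:
          - Sid: PublicReadForGetBucketObjects
            Effect: Allow
            Principal: '*'
            Action: 's3:GetObject'
            Resource: !Join
              - ''
              - - 'arn:aws:s3:::'
                - !Ref SubatomictheoryRootBucket
                - '/*'

  # DNS records in the existing hosted zone named after the domain.
  # S3 website endpoints serve HTTP only; HTTPS on the custom domain needs a
  # TLS-terminating front end, which this template does not create.
  SubatomictheoryDNS:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneName: !Sub
        - ${Domain}.
        - Domain: !Ref RootDomainName
      RecordSets:
        # Zone apex alias.
        - Name: !Ref RootDomainName
          Type: A
          AliasTarget:
            HostedZoneId: !FindInMap [RegionMap, !Ref 'AWS::Region', S3hostedzoneID]
            DNSName: !FindInMap [RegionMap, !Ref 'AWS::Region', websiteendpoint]
        # www points at the redirect bucket's regional website endpoint.
        - Name: !Sub
            - www.${Domain}
            - Domain: !Ref RootDomainName
          Type: CNAME
          TTL: 900
          ResourceRecords:
            - !Join
              - '.'
              - - !Ref SubatomictheoryWWWBucket
                - !FindInMap [RegionMap, !Ref 'AWS::Region', websiteendpoint]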
Outputs:
  # HTTP website endpoint of the root (apex) bucket.
  WebsiteURL:
    Description: URL for website hosted on S3
    Value: !GetAtt SubatomictheoryRootBucket.WebsiteURL
  # https:// plus the www bucket's DomainName attribute.
  # NOTE(review): the www bucket blocks all public access and its name
  # contains dots, so this URL is likely to fail both on authorization and on
  # certificate name matching - confirm it is still wanted as an output.
  S3BucketSecureURL:
    Value: !Sub 'https://${SubatomictheoryWWWBucket.DomainName}'