s_om
Reputation: 681
Attach multiple buckets to CloudFront via CloudFormation
I have created a yaml document to create an S3 bucket and attach it to a distribution.
Resources:
S3BucketContent:
DeletionPolicy: 'Delete'
Metadata:
Comment: 'Bucket to store Content'
Properties:
AccessControl: 'Private'
BucketName: !Sub '${AWS::StackName}-content-bucket'
Type: 'AWS::S3::Bucket'
S3BucketPolicy:
Metadata:
Comment: 'Bucket policy to allow cloudfront to access the data'
Properties:
Bucket: !Ref S3BucketContent
PolicyDocument:
Statement:
- Action:
- 's3:GetObject'
Effect: 'Allow'
Principal:
CanonicalUser: !GetAtt CfOriginAccessIdentity.S3CanonicalUserId
Resource:
- !Sub 'arn:aws:s3:::${S3BucketContent}/*'
Type: 'AWS::S3::BucketPolicy'
CfDistribution:
Metadata:
Comment: 'A simple CloudFront distribution with an S3 origin'
Properties:
DistributionConfig:
Comment: 'A simple distribution with an S3 origin'
DefaultCacheBehavior:
AllowedMethods:
- 'HEAD'
- 'GET'
CachedMethods:
- 'HEAD'
- 'GET'
Compress: false
DefaultTTL: 86400
ForwardedValues:
Cookies:
Forward: 'none'
Headers:
- 'Origin'
QueryString: false
MaxTTL: 31536000
MinTTL: 86400
TargetOriginId: !Sub 's3-origin-${S3BucketContent}'
TrustedSigners:
- !Ref AWS::AccountId
ViewerProtocolPolicy: 'allow-all'
DefaultRootObject: 'index.html'
Enabled: true
HttpVersion: 'http1.1'
IPV6Enabled: false
Origins:
- DomainName: !GetAtt S3BucketContent.RegionalDomainName # NOTE: you may want to replace this with !GetAtt S3Bucket.DomainName (the RegionalDomainName is just to get around the initial DNS propagation issue), more details here: https://stackoverflow.com/questions/38735306/aws-cloudfront-redirecting-to-s3-bucket
Id: !Sub 's3-origin-${S3BucketContent}'
OriginPath: ''
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
PriceClass: 'PriceClass_All'
Type: 'AWS::CloudFront::Distribution'
CfOriginAccessIdentity:
Metadata:
Comment: 'Access S3 bucket content only through CloudFront'
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: 'Access S3 bucket content only through CloudFront'
Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
Outputs:
S3BucketName:
Description: 'Bucket name'
Value: !Ref S3BucketContent
CfDistributionId:
Description: 'Id for our cloudfront distribution'
Value: !Ref CfDistribution
CfDistributionDomainName:
Description: 'Domain name for our cloudfront distribution'
Value: !GetAtt CfDistribution.DomainName
Once the POC worked, I want to create multiple buckets that I can add to the same cloudfront distribution, but I receive an error saying Template format error: Unresolved resource dependencies [S3BucketDWC] in the Resources block of the template, without specifying the exact error. This is the updated yaml for 2 buckets. Can someone please let me know how to go about this?
Resources:
S3BucketContent:
DeletionPolicy: 'Delete'
Metadata:
Comment: 'Bucket to store Content'
Properties:
AccessControl: 'Private'
BucketName: !Sub '${AWS::StackName}-content-bucket'
Type: 'AWS::S3::Bucket'
S3BucketPolicy:
Metadata:
Comment: 'Bucket policy to allow cloudfront to access the data'
Properties:
Bucket: !Ref S3BucketContent
PolicyDocument:
Statement:
- Action:
- 's3:GetObject'
Effect: 'Allow'
Principal:
CanonicalUser: !GetAtt CfOriginAccessIdentity.S3CanonicalUserId
Resource:
- !Sub 'arn:aws:s3:::${S3BucketContent}/*'
Type: 'AWS::S3::BucketPolicy'
S3BucketDWC:
DeletionPolicy: 'Delete'
Metadata:
Comment: 'Bucket to store dwc'
Properties:
AccessControl: 'Private'
BucketName: !Sub '${AWS::StackName}-dwc-bucket'
Type: 'AWS::S3::Bucket'
S3BucketPolicy:
Metadata:
Comment: 'Bucket policy to allow cloudfront to access the data'
Properties:
Bucket: !Ref S3BucketDWC
PolicyDocument:
Statement:
- Action:
- 's3:GetObject'
Effect: 'Allow'
Principal:
CanonicalUser: !GetAtt CfOriginAccessIdentity.S3CanonicalUserId
Resource:
- !Sub 'arn:aws:s3:::${S3BucketDWC}/*'
Type: 'AWS::S3::BucketPolicy'
CfDistribution:
Metadata:
Comment: 'A simple CloudFront distribution with an S3 origin'
Properties:
DistributionConfig:
Comment: 'A simple distribution with an S3 origin'
DefaultCacheBehavior:
AllowedMethods:
- 'HEAD'
- 'GET'
CachedMethods:
- 'HEAD'
- 'GET'
Compress: false
DefaultTTL: 86400
ForwardedValues:
Cookies:
Forward: 'none'
Headers:
- 'Origin'
QueryString: false
MaxTTL: 31536000
MinTTL: 86400
TargetOriginId: !Sub 's3-origin-${S3BucketContent}'
TrustedSigners:
- !Ref AWS::AccountId
ViewerProtocolPolicy: 'allow-all'
DefaultRootObject: 'index.html'
Enabled: true
HttpVersion: 'http1.1'
IPV6Enabled: false
Origins:
- DomainName: !GetAtt S3BucketContent.RegionalDomainName
Id: !Sub 's3-origin-${S3BucketContent}'
OriginPath: ''
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
DomainName: !GetAtt S3BucketContent.RegionalDomainName
Id: !Sub 's3-origin-${S3BucketDWC}'
OriginPath: ''
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
PriceClass: 'PriceClass_All'
Type: 'AWS::CloudFront::Distribution'
CfOriginAccessIdentity:
Metadata:
Comment: 'Access S3 bucket content only through CloudFront'
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: 'Access S3 bucket content only through CloudFront'
Type: 'AWS::CloudFront::CloudFrontOriginAccessIdentity'
Outputs:
S3BucketName:
Description: 'Bucket name'
Value: !Ref S3BucketContent
CfDistributionId:
Description: 'Id for our cloudfront distribution'
Value: !Ref CfDistribution
CfDistributionDomainName:
Description: 'Domain name for our cloudfront distribution'
Value: !GetAtt CfDistribution.DomainName
Upvotes: 2
Views: 1110
Answers (1)
Marcin
Reputation: 238747
At least one apparent issue is that you are using wrong indentation:
S3BucketDWC:
DeletionPolicy: 'Delete'
Metadata:
Comment: 'Bucket to store dwc'
Properties:
AccessControl: 'Private'
BucketName: !Sub '${AWS::StackName}-dwc-bucket'
Type: 'AWS::S3::Bucket'
This should be:
S3BucketDWC:
DeletionPolicy: 'Delete'
Metadata:
Comment: 'Bucket to store dwc'
Properties:
AccessControl: 'Private'
BucketName: !Sub '${AWS::StackName}-dwc-bucket'
Type: 'AWS::S3::Bucket'
The second issue is that Origins should be a list (your are missing -):
Origins:
- DomainName: !GetAtt S3BucketContent.RegionalDomainName
Id: !Sub 's3-origin-${S3BucketContent}'
OriginPath: ''
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
- DomainName: !GetAtt S3BucketContent.RegionalDomainName
Id: !Sub 's3-origin-${S3BucketDWC}'
OriginPath: ''
S3OriginConfig:
OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${CfOriginAccessIdentity}'
Upvotes: 2
Related Questions
- Not able to server multiple S3 buckets on a single Cloudfront Distribution
- Using CloudFormation to configure CloudFront with an S3 origin
- Multiple S3 buckets in the same CloudFront distribution
- Cloudformation S3 bucket principal for Cloudfront
- CloudFormation creation of CloudFront distribution with logging bucket
- AWS 'Bucket already exists' - how to "migrate" existing resources to CloudFormation?
- How do I define a CloudFront Origin Group in CloudFormation?
- AWS CloudFront with multiple S3 origins
- Create Multiple S3 Buckets having same properties with cloudformation
- Assigning CloudFront Aliases in CloudFormation template