forked from influxdata/docs-v2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocs-website.yml
198 lines (177 loc) · 6.53 KB
/
docs-website.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
###############################################################################
### AWS Cloudformation Template
### InfluxData Documentation Website Hosting and Deployment
###############################################################################
AWSTemplateFormatVersion: 2010-09-09
Description: >
Cloudformation template to stand up the AWS resources for hosting the
InfluxData documentation static website created using Hugo. Cloudfront
distribution is used to cache requests to an S3 bucket configured as a static
website. A Lambda@Edge function rewrites requests with paths ending in
index.html and requests to old v1 docs endpoints, which reside in a second
bucket. Finally, a lambda is used to generate new versions of the docs using
the GitHub source based on event and webhook triggers.
###############################################################################
Parameters:
###############################################################################
AcmCertificateArn:
Type: String
Description: >
The ARN of the SSL certificate to use for the CloudFront
distribution.
DomainName:
Type: String
Description: The docs website domain name.
Default: docs.influxdata.com
###############################################################################
Outputs:
###############################################################################
DocsProdBucketArn:
Description: The ARN of the S3 bucket hosting the static content.
Value: !GetAtt DocsBucket.Arn
DocsCircleCIDeployAccessKeyId:
Description: The access key ID for CircleCI deployment to S3.
Value: !Ref DocsCircleCIDeployAccessKey
DocsCircleCIDeploySecretAccessKey:
Description: The secret access key for CircleCI deployment to S3.
Value: !GetAtt DocsCircleCIDeployAccessKey.SecretAccessKey
###############################################################################
Resources:
###############################################################################
DocsCloudFrontDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Aliases:
- !Ref DomainName
DefaultCacheBehavior:
TargetOriginId: !Ref DocsBucket
ViewerProtocolPolicy: redirect-to-https
DefaultTTL: 2592000
Compress: true
ForwardedValues:
QueryString: false
LambdaFunctionAssociations:
- EventType: origin-request
LambdaFunctionARN: !Ref DocsOriginRequestRewriteLambdaVersion
DefaultRootObject: '/'
CustomErrorResponses:
- ErrorCachingMinTTL: 300
ErrorCode: 403
ResponseCode: 404
ResponsePagePath: /404.html
Enabled: true
HttpVersion: http2
Origins:
- Id: !Ref DocsBucket
DomainName: !Join [ "", [ !Ref DocsBucket, ".s3.amazonaws.com" ] ]
S3OriginConfig:
OriginAccessIdentity:
!Sub "origin-access-identity/cloudfront/${DocsCloudFrontOriginAccessIdentity}"
PriceClass: PriceClass_100
ViewerCertificate:
AcmCertificateArn: !Ref AcmCertificateArn
MinimumProtocolVersion: TLSv1.1_2016
SslSupportMethod: sni-only
Tags:
- Key: Domain
Value: !Ref DomainName
DocsCloudFrontOriginAccessIdentity:
Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
Properties:
CloudFrontOriginAccessIdentityConfig:
Comment: !Sub 'CloudFront Origin Access Identity for ${DomainName}'
DocsBucket:
Type: AWS::S3::Bucket
Properties:
BucketEncryption:
ServerSideEncryptionConfiguration:
-
ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
Tags:
- Key: Domain
Value: !Ref DomainName
DocsBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref DocsBucket
PolicyDocument:
Statement:
-
Effect: Allow
Action:
- s3:GetObject
Resource: !Sub "arn:aws:s3:::${DocsBucket}/*"
Principal:
CanonicalUser: !GetAtt DocsCloudFrontOriginAccessIdentity.S3CanonicalUserId
DocsOriginRequestRewriteLambda:
Type: AWS::Lambda::Function
Properties:
Description: Lambda function performing request URI rewriting.
Code:
ZipFile: |
'use strict';
// This is a a placeholder lambda function. Use the AWS Lambda console
// to add/update the contents of deploy/edge.js to the actual Lambda
// function and deploy it to Lambda@Edge
const { request } = event.Records[0].cf;
exports.handler = (event, context, callback) => {
callback(null, request);
};
Handler: index.handler
MemorySize: 128
Role: !Sub ${DocsOriginRequestRewriteLambdaRole.Arn}
Runtime: nodejs12.x
Tags:
- Key: Domain
Value: !Ref DomainName
DocsOriginRequestRewriteLambdaVersion:
Type: AWS::Lambda::Version
Properties:
FunctionName: !Ref DocsOriginRequestRewriteLambda
Description: !Sub "URL rewriting for ${DomainName}"
DocsOriginRequestRewriteLambdaRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: sts:AssumeRole
Principal:
Service:
- edgelambda.amazonaws.com
- lambda.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
DocsCircleCIDeployUser:
Type: AWS::IAM::User
Properties:
Policies:
- PolicyName: giveaccesstoupdatedocsbuckets
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- s3:ListBucket
- s3:GetBucketLocation
Resource:
- !Sub "arn:aws:s3:::${DocsBucket}"
- Effect: Allow
Action:
- s3:PutObject
- s3:PutObjectAcl
- s3:DeleteObject
Resource:
- !Sub "arn:aws:s3:::${DocsBucket}/*"
- Effect: Allow
Action:
- cloudfront:GetDistribution
- cloudfront:CreateInvalidation
Resource: "*"
DocsCircleCIDeployAccessKey:
Type: AWS::IAM::AccessKey
Properties:
UserName: !Ref DocsCircleCIDeployUser