{

"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Cloudfront Demo Setup",
"Parameters": {
  "BucketName": {
    "Type": "String",
    "Description": "Name of the bucket to create"
  },
  "Aliases": {
    "Type": "CommaDelimitedList",
    "Description": "CNAMES for this distribution"
  },
  "ErrorBucketName": {
    "Type": "String",
    "Description": "Name of the bucket to hold the 403.html error page"
  },
  "AppLocation": {
    "Type": "String",
    "Description": "The DNS name you have deployed the app to (for example example.com)"
  },
  "DistributionComment": {
    "Type": "String",
    "Description": "Commeht section for the distribution"
  },
  "OriginAccessIdentity": {
    "Type": "String",
    "Description": "The value that CloudFront returned in the Id element when the origin access identity was created."
  }
},
"Mappings": {},
"Conditions": {},
"Resources": {
  "Bucket": {
    "Type": "AWS::S3::Bucket",
    "Properties": {
       "AccessControl": "Private",
       "BucketName": { "Ref": "BucketName" }
     }
  },
  "ErrorBucket": {
    "Type": "AWS::S3::Bucket",
    "Properties": {
       "AccessControl": "Private",
       "BucketName": { "Ref": "ErrorBucketName" }
     }
  },

  "BucketPolicy": {
    "Type": "AWS::S3::BucketPolicy",
    "Properties": {
      "Bucket": { "Ref": "Bucket" },
      "PolicyDocument": {
        "Version": "2008-10-17",
        "Id": "PolicyForCloudFrontPrivateContent",
        "Statement": [
          {
            "Sid": "1",
            "Effect": "Allow",
            "Principal": {
              "AWS": {"Fn::Join": [" ", ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity", { "Ref": "OriginAccessIdentity"}]]}
            },
            "Action": "s3:GetObject",
            "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "Bucket"}, "/*"]]}
          }
        ]
      }
    }
  },

  "Distribution": {
    "Type": "AWS::CloudFront::Distribution",
    "Properties": {
      "DistributionConfig": {
        "Enabled": true,
        "Comment": {"Ref": "DistributionComment"},
        "Aliases": {"Ref": "Aliases"},
        "Origins": [
          {
            "DomainName": {"Fn::GetAtt":[ "Bucket", "DomainName"]},
            "Id": "S3",
            "S3OriginConfig": {
              "OriginAccessIdentity": {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {"Ref": "OriginAccessIdentity"}]]}
            }
          },
          {
            "DomainName": {"Fn::GetAtt":[ "ErrorBucket", "DomainName"]},
            "Id": "ErrorS3",
            "S3OriginConfig": {
              "OriginAccessIdentity": {"Fn::Join": ["", ["origin-access-identity/cloudfront/", {"Ref": "OriginAccessIdentity"}]]}
            }
          },
          {
            "DomainName": {"Ref": "AppLocation"},
            "Id": "Application",
            "CustomOriginConfig": {
              "OriginProtocolPolicy": "match-viewer"
            }
          }
        ],
        "CacheBehaviors": [
          {
            "TargetOriginId": "Application",
            "PathPattern": "/authorization/*",
            "ForwardedValues": {
              "QueryString": true,
              "Cookies": {
                "Forward": "whitelist",
                "WhitelistedNames": ["DUMMY"]
              }
            },
            "ViewerProtocolPolicy": "allow-all"
          },
          {
            "TargetOriginId": "ErrorS3",
            "PathPattern": "/errors/*",
            "ForwardedValues": {
              "QueryString": false
            },
            "ViewerProtocolPolicy": "allow-all"
          }
        ],
        "DefaultCacheBehavior": {
          "TargetOriginId": "S3",
          "ForwardedValues": {
            "QueryString": false
          },
          "ViewerProtocolPolicy": "allow-all",
          "TrustedSigners": ["self"]
        },
        "DefaultRootObject": "index.html",
        "CustomErrorResponses": [
          {
            "ErrorCode": 403,
            "ResponsePagePath": "/errors/403.html",
            "ResponseCode": 403
          }
        ]
      }
    }
  }
},
"Outputs": {
  "Distribution": {
    "Value": {"Ref": "Distribution"}
  },
  "ErrorBucket": {
    "Value": {"Ref": "ErrorBucket"}
  },
  "Bucket": {
    "Value": {"Ref": "Bucket"}
  }
}

}