serverless.yml

service: s3-hosting

custom:
  domain: ${param:domain, 'example.com'}

provider:
  name: aws
  runtime: nodejs20.x
  region: ${opt:region, 'us-east-1'}
  stage: ${opt:stage, 'live'}
  deploymentBucket:
    name: ${aws:accountId}-serverless-deploys
    blockPublicAccess: true

resources:
  Resources:
    S3HostingBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.domain}
        WebsiteConfiguration:
          IndexDocument: index.html
          ErrorDocument: error.html
        PublicAccessBlockConfiguration:
          BlockPublicAcls: false
        OwnershipControls:
          Rules:
            - ObjectOwnership: ObjectWriter

    S3BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket:
          Ref: S3HostingBucket
        PolicyDocument:
          Statement:
            - Effect: Allow
              Principal: "*"
              Action:
                - "s3:GetObject"
              Resource:
                Fn::Join: [
                  "", [
                    "arn:aws:s3:::",
                    {
                      "Ref": "S3HostingBucket"
                    },
                    "/*"
                  ]
                ]

    Certificate:
      Type: AWS::CertificateManager::Certificate
      Properties:
        DomainName: ${self:custom.domain}
        DomainValidationOptions:
          - DomainName: ${self:custom.domain}
            ValidationDomain: ${self:custom.domain}
        ValidationMethod: DNS

    CDN:
      Type: AWS::CloudFront::Distribution
      DependsOn:
        - S3HostingBucket
        - Certificate
      Properties:
        DistributionConfig:
          Comment: ${self:custom.domain} website
          Origins:
            - DomainName: !GetAtt S3HostingBucket.DomainName
              Id: !Join ['', [!Select [0, !Split ['.', '${self:custom.domain}']], '-origin']]
              S3OriginConfig:
                OriginAccessIdentity: ""
          DefaultCacheBehavior:
            TargetOriginId: !Join ['', [!Select [0, !Split ['.', '${self:custom.domain}']], '-origin']]
            ViewerProtocolPolicy: redirect-to-https
            AllowedMethods:
              - GET
              - HEAD
            CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6
            Compress: true
            FunctionAssociations:
              - EventType: viewer-request
                FunctionARN: !GetAtt CDNFunction.FunctionMetadata.FunctionARN
          Enabled: true
          DefaultRootObject: index.html
          HttpVersion: http2
          Aliases:
            - ${self:custom.domain}
          ViewerCertificate:
            AcmCertificateArn: !Ref Certificate
            SslSupportMethod: sni-only
            MinimumProtocolVersion: TLSv1.2_2021

    CDNFunction:
      Type: AWS::CloudFront::Function
      Properties:
        AutoPublish: true
        FunctionCode: |
          function handler(event) {
            var request = event.request;
            var uri = request.uri;
            
            // Check whether the URI is missing a file name.
            if (uri.endsWith('/')) {
                request.uri += 'index.html';
            } 
            // Check whether the URI is missing a file extension.
            else if (!uri.includes('.')) {
                request.uri += '/index.html';
            }

            return request;
          }
        FunctionConfig:
          Comment: Redirect-Default-Index-Request
          Runtime: cloudfront-js-1.0
        Name: !Join ['', [!Select [0, !Split ['.', '${self:custom.domain}']], '-index-redirect']]

    Route53Record:
      Type: AWS::Route53::RecordSet
      DependsOn:
        - CDN
      Properties:
        HostedZoneName: ${self:custom.domain}.
        Name: ${self:custom.domain}.
        Type: A
        AliasTarget:
          HostedZoneId: Z2FDTNDATAQYW2
          DNSName: !GetAtt 
            - CDN
            - DomainName