AWS S3-Website CloudFormation Template
Before going any further with improving the website, I wanted to create a CloudFormation template for the technical design described so far in Hello Hugo.
This template, written in YAML, will:
- Create an S3 Bucket
- Create an S3 Bucket Policy allowing Public Read on all objects in the bucket
- Point a Route53 DNS Record at the newly created bucket
All that is required when creating the stack is:
- A name for the stack
- The Hosted Zone ID of an existing Hosted Zone (I assume you already have a Hosted Zone that you want to use)
- The desired web address of the new website
Template resources
Without walking through the whole template in detail, these are some particular attributes to be aware of.
S3 Bucket
The DeletionPolicy on the bucket ensures that if the CloudFormation Stack is deleted, the bucket is kept rather than removed along with the rest of the stack.
S3 Bucket Policy
By default, objects uploaded to S3 are only accessible to IAM users and roles with the relevant permissions.
This policy grants s3:GetObject to Principal: "*", meaning any user, even an unauthenticated one, can fetch the objects.
Users are not granted s3:ListObjects, so they have to browse the site by following links between pages rather than listing the bucket and visiting objects directly.
Route53 Record
The AliasTarget type is a Route53 feature that presents the record as an Alias, although it behaves more like a CNAME. To create an AliasTarget record pointing at an S3 website, the AWS-owned HostedZone ID of the S3 website endpoint in that region must be supplied. These IDs are published in the AWS docs, but they are added as a mapping in the template for convenience.
The FindInMap function in the template uses the region in which the Stack is created to look up the correct HostedZone ID and pass it to Route53.
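Putting those attributes together, here is a minimal template of the shape described above. This is an added example, not the post's own template: the parameter names, the mapping name and the index document are assumptions, and the two hosted zone IDs are the published AWS values for those regions. It also sets PublicAccessBlockConfiguration, which newer buckets need before a public bucket policy is accepted.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id   # existing zone for the domain
  DomainName:
    Type: String                         # e.g. www.example.com; also used as the bucket name
Mappings:
  # S3 website endpoint hosted zone IDs from the AWS docs; add the regions you deploy to
  S3WebsiteRegion:
    us-east-1:
      HostedZoneId: Z3AQBSTGFYJSTF
      Endpoint: s3-website-us-east-1.amazonaws.com
    eu-west-1:
      HostedZoneId: Z1BKCTXD74EZPE
      Endpoint: s3-website-eu-west-1.amazonaws.com
Resources:
  WebsiteBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain               # deleting the stack leaves the bucket and its content in place
    Properties:
      BucketName: !Ref DomainName
      WebsiteConfiguration:
        IndexDocument: index.html
      PublicAccessBlockConfiguration:    # newer buckets block public policies by default
        BlockPublicPolicy: false
        RestrictPublicBuckets: false
  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WebsiteBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: PublicReadGetObject
            Effect: Allow
            Principal: '*'
            Action: s3:GetObject         # no list action: objects can only be fetched by path
            Resource: !Sub 'arn:aws:s3:::${WebsiteBucket}/*'
  WebsiteRecord:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref DomainName
      Type: A
      AliasTarget:
        HostedZoneId: !FindInMap [S3WebsiteRegion, !Ref 'AWS::Region', HostedZoneId]
        DNSName: !FindInMap [S3WebsiteRegion, !Ref 'AWS::Region', Endpoint]
```

The bucket name must match the DomainName exactly, because the S3 website endpoint routes requests to the bucket whose name equals the Host header.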