cloudformation.yaml

AWSTemplateFormatVersion: '2010-09-09'
Description: timweber.name and tim-weber.name

Resources:

  # A CloudFormation distribution that provides https://scy.github.io/timweber.name/public/ at https://timweber.name/
  CFDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases: [ timweber.name ]
        HttpVersion: http2
        PriceClass: PriceClass_100 # el cheapo
        Origins:
        - Id: GitHub
          DomainName: scy.github.io
          OriginPath: /timweber.name/public
          CustomOriginConfig:
            OriginProtocolPolicy: http-only
        DefaultRootObject: index.html
        DefaultCacheBehavior:
          TargetOriginId: GitHub
          Compress: true
          ForwardedValues:
            QueryString: false
          ViewerProtocolPolicy: redirect-to-https
        ViewerCertificate:
          # A certificate I registered for timweber.name
          AcmCertificateArn: arn:aws:acm:us-east-1:859949227357:certificate/974baac1-c657-41c1-8896-31b563d72095
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1

  # This bucket redirects www.timweber.name to timweber.name (without www.)
  WWWRedirectBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: www.timweber.name
      AccessControl: BucketOwnerFullControl
      WebsiteConfiguration:
        RedirectAllRequestsTo:
          HostName: timweber.name
      Tags:
      - Key: Project
        Value: timweber

  # This bucket redirects tim-weber.name to timweber.name (without the dash)
  DashRedirectBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: tim-weber.name
      AccessControl: BucketOwnerFullControl
      WebsiteConfiguration:
        RedirectAllRequestsTo:
          HostName: timweber.name
      Tags:
      - Key: Project
        Value: timweber

  # This bucket redirects www.tim-weber.name to timweber.name (without www. and without the dash)
  WWWDashRedirectBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: www.tim-weber.name
      AccessControl: BucketOwnerFullControl
      WebsiteConfiguration:
        RedirectAllRequestsTo:
          HostName: timweber.name
      Tags:
      - Key: Project
        Value: timweber

  # DNS zone without the dash
  Zone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: timweber.name.
      HostedZoneTags:
      - Key: Project
        Value: timweber

  # DNS zone with the dash
  DashZone:
    Type: AWS::Route53::HostedZone
    Properties:
      Name: tim-weber.name.
      HostedZoneTags:
      - Key: Project
        Value: timweber

  # DNS records without the dash
  Records:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      Comment: timweber.name
      HostedZoneId: !Ref Zone
      RecordSets:
      # Alias timweber.name to CloudFront
      - Name: timweber.name.
        Type: A
        AliasTarget:
          HostedZoneId: Z2FDTNDATAQYW2 # global ID for CloudFormation
          DNSName: !GetAtt CFDistribution.DomainName
      # The www. redirect
      - Name: www.timweber.name.
        Type: CNAME
        ResourceRecords:
        - !Sub www.timweber.name.s3-website-${AWS::Region}.amazonaws.com
        TTL: 3600
      # Mailgun is the MX
      - Name: timweber.name.
        Type: MX
        ResourceRecords:
        - 10 mxa.mailgun.org.
        - 10 mxb.mailgun.org.
        TTL: 3600
      # Mailgun records
      - Name: timweber.name.
        Type: TXT
        ResourceRecords: [ '"v=spf1 include:mailgun.org ~all"' ]
        TTL: 3600
      - Name: mailo._domainkey.timweber.name.
        Type: TXT
        ResourceRecords: [ '"k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8o0Yx7pADJvbfzhfCLFvKJHFYu5kvhCQzv1YANeCp6quXf8UC3QfBsUIM5EEkDRHCsn6CnV+3Ki7pHBFCsF/tuRBtsRnp3TdXKDiff+n4RLZc9LqQJufum1GWzFNv4SmIQzc0wUWKp8Raau9D5yEKnykF5USyONYIdYUxIdrdHwIDAQAB"' ]
        TTL: 3600

  # DNS records with the dash
  DashRecords:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      Comment: tim-weber.name
      HostedZoneId: !Ref DashZone
      RecordSets:
      # The redirect to "without the dash"
      - Name: tim-weber.name.
        Type: A
        AliasTarget:
          HostedZoneId: Z1BKCTXD74EZPE # ID for S3 in eu-west-1
          DNSName: !Sub s3-website-${AWS::Region}.amazonaws.com
      # The www. redirect
      - Name: www.tim-weber.name.
        Type: CNAME
        ResourceRecords:
        - !Sub www.timweber.name.s3-website-${AWS::Region}.amazonaws.com
        TTL: 3600
      # Mailgun is the MX
      - Name: tim-weber.name.
        Type: MX
        ResourceRecords:
        - 10 mxa.mailgun.org.
        - 10 mxb.mailgun.org.
        TTL: 3600
      # Mailgun records
      - Name: tim-weber.name.
        Type: TXT
        ResourceRecords: [ '"v=spf1 include:mailgun.org ~all"' ]
        TTL: 3600
      - Name: krs._domainkey.tim-weber.name.
        Type: TXT
        ResourceRecords: [ '"k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpcPxNMVJ6WBug2i2BSnUNytQRBNtJCa91HQTGWgQ/dihywg+dBEJ+9PtzNKZhEYDf2GCyhCPzKlHx5WinsgLVXnB0CncqgKbaTOkPa8+yJN+87Lji3NlycdN5SFvXO9w7qKoC4LHQYBc6aRDCAzU/hJh0+Qgt/7cfNHBOWbhpeQIDAQAB"' ]
        TTL: 3600