# template.yaml (CloudFormation)
AWSTemplateFormatVersion: '2010-09-09'
Description: Secure serverless website (AWS) - S3 private origin + CloudFront + WAF
Resources:
LogsBucket:
Type: AWS::S3::Bucket
Properties:
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
SiteBucket:
Type: AWS::S3::Bucket
Properties:
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
VersioningConfiguration:
Status: Enabled
LoggingConfiguration:
DestinationBucketName: !Ref LogsBucket
LogFilePrefix: s3/
SiteBucketPublicAccessBlock:
Type: AWS::S3::BucketPublicAccessBlock
Properties:
Bucket: !Ref SiteBucket
BlockPublicAcls: true
IgnorePublicAcls: true
BlockPublicPolicy: true
RestrictPublicBuckets: true
WafAcl:
Type: AWS::WAFv2::WebACL
Properties:
Name: auto-arch-waf
Scope: CLOUDFRONT
DefaultAction: ...
↑ Auto-generated from your CloudFormation code
