--- 
AWSTemplateFormatVersion: '2010-09-09' 
Description: CloudFront configuration for S3 bucket 
Parameters: 
  SiteBucketName:
    Type: String
  CertificateExportName:
    Type: String
  CloudFrontCName: 
    Type: String 
    Description: "CloudFront CNames" 
    Default: "www.encryptaws.com" 
  HostedZoneId: 
    Type: String 
    Description: "Hosted Zone Id" 
    Default: "ZLND5TXS03SWZ" 
Resources: 
  CloudFrontOriginAccessIdentity: 
    Type: "AWS::CloudFront::CloudFrontOriginAccessIdentity" 
    Properties: 
      CloudFrontOriginAccessIdentityConfig: 
        Comment: CloudFrontOriginAccessIdentity for TLS Solution 
  CloudFront: 
    Type: "AWS::CloudFront::Distribution" 
    Properties: 
      DistributionConfig: 
        Aliases:  
          - !Ref CloudFrontCName 
        Enabled: true 
        Comment: "created by CloudFormation" 
        ViewerCertificate: 
          AcmCertificateArn: 
            Fn::ImportValue: !Sub "${CertificateExportName}" 
          MinimumProtocolVersion: TLSv1.1_2016 
          SslSupportMethod: sni-only 
        Enabled: true 
        Origins: 
          - Id: S3-Origin 
            DomainName: !Ref SiteBucketName
            S3OriginConfig: 
              OriginAccessIdentity: !Sub "origin-access-identity/cloudfront/${CloudFrontOriginAccessIdentity}" 
        DefaultRootObject: index.html 
        DefaultCacheBehavior: 
          TargetOriginId: S3-Origin 
          ViewerProtocolPolicy: redirect-to-https 
          DefaultTTL: 600 
          ForwardedValues: 
            QueryString: True 
            Cookies: 
              Forward: all 
          Compress: True 
  StaticSiteDomainName: 
    Type: "AWS::Route53::RecordSet" 
    Properties: 
      Type: A 
      HostedZoneId: !Ref 'HostedZoneId' 
      Name: !Ref 'CloudFrontCName' 
      AliasTarget: 
        DNSName: !GetAtt CloudFront.DomainName  #CloudFront.DomainName = d2y1cxx7cc6yud.cloudfront.net. 
        HostedZoneId: Z2FDTNDATAQYW2 #CloudFront Default HostedZoneId