{ "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "DomainName": { "Type": "String" }, "IAMDeployUser": { "Type": "String" } }, "Resources" : { "Bucket": { "Type": "AWS::S3::Bucket", "Properties": { "BucketName": { "Ref": "DomainName" }, "WebsiteConfiguration": { "IndexDocument": "index.html", "ErrorDocument": "404.html" } } }, "WWWBucket": { "Type": "AWS::S3::Bucket", "Properties": { "BucketName": { "Fn::Join": [ "", [ "www.", { "Ref": "DomainName" } ] ] }, "WebsiteConfiguration": { "RedirectAllRequestsTo": { "HostName": { "Ref": "DomainName" }, "Protocol": "https" } } } }, "BucketPolicy": { "Type": "AWS::S3::BucketPolicy", "DependsOn": "Bucket", "Properties": { "Bucket" : { "Ref": "DomainName" }, "PolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject" ], "Resource": { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "DomainName" }, "/*" ] ] } }, { "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:aws:iam::", { "Ref": "AWS::AccountId" }, ":user/", { "Ref": "IAMDeployUser" } ] ] } }, "Action": "s3:*", "Resource": [ { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "DomainName" }, "/*" ] ] }, { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "DomainName" } ] ] } ] } ] } } }, "WWWBucketPolicy": { "Type": "AWS::S3::BucketPolicy", "DependsOn": "WWWBucket", "Properties": { "Bucket": { "Fn::Join": [ "", [ "www.", { "Ref": "DomainName" } ] ] }, "PolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject" ], "Resource": { "Fn::Join": [ "", [ "arn:aws:s3:::www.", { "Ref": "DomainName" }, "/*" ] ] } } ] } } } } }