# Serverless Framework definition of the "life-sf" service.
service: life-sf

provider:
  name: aws
  region: eu-west-3
  # Custom runtime; each function adds the PHP layers it needs.
  runtime: provided.al2
  environment:
    # Symfony environment variables, applied to every function below.
    APP_ENV: prod
    # NOTE(review): ${ssm:...} variables are resolved when the stack is
    # deployed, so the DSN is written in clear text into the generated
    # CloudFormation template and the Lambda environment. Anyone allowed to
    # read the function configuration can read the database credentials;
    # restrict those permissions, or have the application fetch the secret
    # at runtime instead.
    # NOTE(review): the parameter path says "dev" while APP_ENV is "prod".
    # Confirm this is intentional.
    DATABASE_URL: ${ssm:/life-sf-dev/db-dsn}
plugins:
  - ./vendor/bref/bref

# Contents of the deployment archive.
package:
  exclude:
    - node_modules/**
    - tests/**
    # Drops runtime state (cache, logs) from the archive ...
    - var/**
  include:
    # ... except the production cache, so a pre-warmed container is deployed.
    - var/cache/prod/**
  # NOTE(review): everything else in the project directory is shipped.
  # Confirm that no local env files or other secret-bearing files end up in
  # the package.
functions:
  # HTTP entry point of the application.
  website:
    handler: public/index.php
    # 512 MB instead of the 1024 MB default.
    memorySize: 512
    # In seconds; API Gateway itself times out after 29 seconds.
    timeout: 28
    layers:
      # NOTE(review): the layer name points at PHP 8.0, which no longer
      # receives upstream security fixes. Plan a runtime upgrade.
      - ${bref:layer.php-80-fpm}
    events:
      # Catch-all route with no authorizer configured here, so every request
      # reaches the PHP application and access control is entirely up to it.
      - httpApi: '*'
    # NOTE(review): the security group rules are not visible in this file.
    # Verify that they allow only the traffic the function needs (for
    # example, the database).
    vpc:
      securityGroupIds:
        - sg-13c4767d
      subnetIds:
        - subnet-0fc39174
        - subnet-fbd6ed92
        - subnet-b2bcdbff

  # Runs bin/console. It has no events, so it is not reachable over HTTP.
  console:
    handler: bin/console
    # In seconds.
    timeout: 120
    # 2048 MB, twice the 1024 MB default.
    memorySize: 2048
    layers:
      # PHP
      - ${bref:layer.php-80}
      # The "console" layer
      - ${bref:layer.console}
    # Same network placement as the website function; keep the two in sync.
    vpc:
      securityGroupIds:
        - sg-13c4767d
      subnetIds:
        - subnet-0fc39174
        - subnet-fbd6ed92
        - subnet-b2bcdbff
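# Extra CloudFormation resources: an S3 bucket for static assets and a
# CloudFront distribution in front of both the bucket and the HTTP API.
resources:
  Resources:
    # The S3 bucket that stores the assets
    Assets:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: sf-life-dev
        CorsConfiguration:
          CorsRules:
            # Any origin may issue cross-origin GET requests for the assets.
            - AllowedHeaders: ["*"]
              AllowedMethods: [GET]
              AllowedOrigins: ["*"]

    # The policy that makes the bucket publicly readable.
    # NOTE(review): this grants anonymous s3:GetObject on every key, so any
    # object ever uploaded to the bucket is world-readable straight from S3,
    # without going through CloudFront. If the assets are only meant to be
    # served through the distribution, restrict the principal to a CloudFront
    # origin access identity/control instead. Keep non-public files out of
    # this bucket either way.
    # NOTE(review): S3 Block Public Access, when enabled on the account or
    # bucket, rejects a public policy like this one. Confirm the intended
    # setting.
    AssetsBucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        Bucket: !Ref Assets  # References the bucket we defined above
        PolicyDocument:
          Statement:
            - Effect: Allow
              Principal: '*'  # everyone
              Action: 's3:GetObject'  # to read
              # things in the bucket; alternatively you can write out
              # Resource: 'arn:aws:s3:::<bucket-name>/*'
              Resource: !Join ['/', [!GetAtt Assets.Arn, '*']]

    WebsiteCDN:
      Type: AWS::CloudFront::Distribution
      Properties:
        DistributionConfig:
          Enabled: true
          # Cheapest option by default
          # (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_DistributionConfig.html)
          PriceClass: PriceClass_100
          # Enable HTTP/2 for better performance
          HttpVersion: http2
          # Origins are where CloudFront fetches content
          Origins:
            # The website (AWS Lambda).
            # NOTE(review): the execute-api hostname stays reachable directly,
            # so controls attached only to this distribution do not apply to
            # requests that skip CloudFront.
            - Id: Website
              DomainName: !Join
                - '.'
                - - !Ref HttpApi
                  - 'execute-api'
                  - !Ref 'AWS::Region'
                  - 'amazonaws.com'
              CustomOriginConfig:
                # API Gateway only supports HTTPS
                OriginProtocolPolicy: 'https-only'
              # CloudFront does not forward the original `Host` header. We use
              # this to forward the website domain name to PHP via the
              # `X-Forwarded-Host` header.
              # Learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host
              # OriginCustomHeaders:
              #   - HeaderName: 'X-Forwarded-Host'
              #     HeaderValue: example.com  # our custom domain
            # The assets (S3)
            - Id: Assets
              DomainName: !GetAtt Assets.RegionalDomainName
              # This key is required to tell CloudFront that this is an S3
              # origin, even though nothing is configured.
              S3OriginConfig: {}
              # If you host a static website, like a SPA, use s3-website URLs
              # instead of the config above.
              # See https://stackoverflow.com/questions/15309113/amazon-cloudfront-doesnt-respect-my-s3-website-buckets-index-html-rules#15528757
              # DomainName: !Select [2, !Split ["/", !GetAtt Assets.WebsiteURL]]
              # CustomOriginConfig:
              #   OriginProtocolPolicy: 'http-only'  # S3 websites only support HTTP
              # (With that variant, traffic between CloudFront and S3 is not
              # encrypted.)
              # You'll also need to enable website hosting on your S3 bucket
              # by configuring the WebsiteConfiguration property:
              # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-websiteconfiguration
          # The default behavior is to send everything to AWS Lambda
          DefaultCacheBehavior:
            AllowedMethods: [GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE]
            TargetOriginId: Website  # the PHP application
            # Disable caching for the PHP application, which also keeps
            # per-user responses out of the shared cache.
            # https://aws.amazon.com/premiumsupport/knowledge-center/prevent-cloudfront-from-caching-files/
            DefaultTTL: 0
            MinTTL: 0
            MaxTTL: 0
            # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html
            ForwardedValues:
              QueryString: true
              Cookies:
                Forward: all  # Forward cookies to use them in PHP
              # We must *not* forward the `Host` header, otherwise it breaks
              # API Gateway.
              Headers:
                - 'Accept'
                - 'Accept-Encoding'
                - 'Accept-Language'
                - 'Authorization'
                - 'Origin'
                - 'Referer'
            # CloudFront will force HTTPS on visitors (which is more secure)
            ViewerProtocolPolicy: redirect-to-https
          CacheBehaviors:
            # Assets will be served under the `/assets/` prefix
            - PathPattern: 'assets/*'
              TargetOriginId: Assets  # the static files on S3
              AllowedMethods: [GET, HEAD]
              ForwardedValues:
                # No query strings or cookies are needed for assets. This is
                # a real boolean, matching `QueryString: true` in the default
                # behavior (it was the quoted string 'false').
                QueryString: false
                Cookies:
                  Forward: none
              ViewerProtocolPolicy: redirect-to-https
              # Serve files with gzip for browsers that support it
              # (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html)
              Compress: true
          CustomErrorResponses:
            # Force CloudFront to not cache HTTP errors
            - ErrorCode: 500
              ErrorCachingMinTTL: 0
            - ErrorCode: 504
              ErrorCachingMinTTL: 0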