Merge pull request #52 from rrigato/dev

s3 bucket for cloudfront logging
rrigato · May 18, 2024 · e43881a · e43881a
2 parents 97e3d17 + 5f3a315
commit e43881a
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/templates/prod_resource_import.yml → templates/prod_homepage.yml b/templates/prod_resource_import.yml → templates/prod_homepage.yml
@@ -20,6 +20,10 @@ Parameters:
     Default: Z2FDTNDATAQYW2
     Description: Route 53 Hosted Zone id
 
+  ProjectName:
+    Type: String
+    Default: homepage
+
 
 
 
@@ -28,6 +32,15 @@ Conditions:
       !Equals [ !Ref BucketName, ryanrigato.com ]
 
 Resources:
+  ApplicationLogBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      BucketName: !Sub '${ProjectName}-logging'
+      OwnershipControls:
+        Rules:
+          - ObjectOwnership: BucketOwnerPreferred
+
+
   WebsiteBucket:
     Condition: RetainResourcesCreated
     Properties:
@@ -43,7 +56,7 @@ Resources:
       Tags:
           -
               Key: accessType
-              Value: bucketPolicyWithOAI      
+              Value: bucketPolicyWithOAI
           -
               Key: use
               Value: website
@@ -69,7 +82,7 @@ Resources:
             Action: s3:GetObject
             # ensuring that the static s3 bucket can only be accessed
             # through cloudfront
-            Principal: 
+            Principal:
               CanonicalUser:
                 !GetAtt CloudFrontOai.S3CanonicalUserId
             Resource: !Sub "arn:aws:s3:::${BucketName}/*"
@@ -117,7 +130,6 @@ Resources:
 ###########################
 #Content delivery network
 #for the static (html/css/js) content
-#
 ##########################
   StaticWebpageCdn:
     DependsOn: CloudFrontOai
@@ -137,6 +149,10 @@ Resources:
               - - 'www'
                 - !Ref BucketName
         Enabled: true
+        Logging:
+          Bucket: !GetAtt ApplicationLogBucket.DomainName
+          IncludeCookies: false
+          Prefix: cdnlogs/
         DefaultCacheBehavior:
           ForwardedValues:
             QueryString: true
@@ -185,7 +201,7 @@ Resources:
 Outputs:
   OaiS3CanonicalUserId:
     Description: |
-      Canonical ID which can be used to restrict s3 bucket access to go 
+      Canonical ID which can be used to restrict s3 bucket access to go
       through cloudfront
 
     Value: !GetAtt CloudFrontOai.S3CanonicalUserId