---
AWSTemplateFormatVersion: '2010-09-09'
Description: Handel-created S3 bucket

Resources:
  Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: PublicRead
      BucketName: {{bucketName}}
      LoggingConfiguration:
        DestinationBucketName: {{loggingBucketName}}
        LogFilePrefix: {{logFilePrefix}}
      VersioningConfiguration: 
        Status: {{versioningStatus}}
      {{#if tags}}
      Tags:
      {{#each tags}}
      - Key: {{@key}}
        Value: {{this}}
      {{/each}}
      {{/if}}
      WebsiteConfiguration:
        IndexDocument: {{indexDocument}}
        ErrorDocument: {{errorDocument}}
  BucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties: 
      Bucket: !Ref Bucket
      PolicyDocument:
        Statement:
        - Effect: Allow
          Principal: '*'
          Action:
          - s3:GetObject
          Resource:
          - 'arn:aws:s3:::{{bucketName}}/*'

  {{#if cloudfront}}
  Cloudfront:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Comment: CDN for {{bucketName}}
        {{#if cloudfront.dnsNames}}
        Aliases:
        {{#each cloudfront.dnsNames}}
         - {{name}}
        {{/each}}
        {{/if}}
        Enabled: 'true'
        IPV6Enabled: true
        HttpVersion: http2
        {{#if cloudformation.logging}}
        Logging:
          Bucket: {{loggingBucketName}}.s3.amazonaws.com
          Prefix: {{logFilePrefix}}cloudfront/
        {{/if}}
        {{#if cloudfront.httpsCertificateId}}
        ViewerCertificate:
          AcmCertificateArn: !Sub "arn:aws:acm:us-east-1:${AWS::AccountId}:certificate/{{cloudfront.httpsCertificateId}}"
          SslSupportMethod: sni-only
          MinimumProtocolVersion: {{cloudfront.minimumHttpsProtocol}}
        {{/if}}
        DefaultCacheBehavior:
          AllowedMethods: [GET, HEAD, OPTIONS]
          Compress: true
          MinTTL: {{cloudfront.minTTL}}
          MaxTTL: {{cloudfront.maxTTL}}
          DefaultTTL: {{cloudfront.defaultTTL}}
          TargetOriginId: only-origin
          ForwardedValues:
            Headers: # There is a default CORS config even if you don't specify a custom CORS configuration
            - Origin
            - Access-Control-Request-Headers
            - Access-Control-Request-Method
            QueryString: true
          {{#if cloudfront.httpsCertificateId}}
          ViewerProtocolPolicy: redirect-to-https
          {{else}}
          ViewerProtocolPolicy: allow-all
          {{/if}}
        DefaultRootObject: {{indexDocument}}
        PriceClass: {{cloudfront.priceClass}}
        Origins:
        # We're using a custom origin instead of an S3 origin to allow for future support of redirects, etc.
        - Id: only-origin
          DomainName: !Select [ 1, !Split [ "://", !GetAtt Bucket.WebsiteURL ] ]
          CustomOriginConfig:
            HTTPPort: 80
            HTTPSPort: 443
            OriginProtocolPolicy: http-only

  {{#if cloudfront.dnsNames}}
  {{#each cloudfront.dnsNames}}
  DNS{{logicalId name}}:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneId: {{zoneId}}
      Comment: DNS for S3 Static Site {{bucketName}}
      RecordSets:
        - Name: {{name}}
          Type: A
          AliasTarget:
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt Cloudfront.DomainName
        - Name: {{name}}
          Type: AAAA
          AliasTarget:
            HostedZoneId: Z2FDTNDATAQYW2
            DNSName: !GetAtt Cloudfront.DomainName
  {{/each}}
  {{/if}}
  {{/if}}

Outputs:
  BucketName:
    Description: The name of the bucket
    Value: !Ref Bucket
  BucketArn:
    Description: The ARN of the bucket
    Value: !GetAtt Bucket.Arn
  {{#if cloudfront}}
  CloudfrontDistribution:
    Description: The Cloudfront Distribution ID
    Value: !Ref Cloudfront
  CloudfrontUrl:
    Description: The Cloudfront domain name
    Value: !GetAtt Cloudfront.DomainName
  {{/if}}