-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnetlify-cms-deployment.template.yaml
138 lines (131 loc) · 4.3 KB
/
netlify-cms-deployment.template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
AWSTemplateFormatVersion: '2010-09-09'
Description: |-
Deployment stage for a website using Netlify CMS.
Depends on https://github.com/dawaltconley/netlify-cms-aws
Parameters:
HostDomain:
Type: String
Description: Full domain name (including protocol) where Netlify CMS will be used.
ApiDomain:
Type: String
Description: Base domain where the api is hosted. Used to create an API Gateway custom domain name for this deployment.
Default: ''
ApiSubdomain:
Type: String
Description: Subdomain where the api is hosted. Used to create an API Gateway custom domain name for this deployment.
Default: api
ApiBasePath:
Type: String
Default: admin
CertificateArn:
Type: String
Default: ''
Route53Dns:
Type: String
Description: Whether this domain uses Route53 for its DNS
Default: 'true'
AllowedValues: ['true', 'false']
# Stack Variables
ClientAuth:
Type: 'AWS::SSM::Parameter::Value<List<String>>'
Description: >-
A SSM StringList Parameter, where the first parameter corresponds to the Client ID
and the second to the Client Secret used for authorizing with GitHub.
NoEcho: true
GitHostname:
Type: String
Default: https://github.com
OAuthProvider:
Type: String
Default: github
OAuthScopes:
Type: String
Default: user,repo
OAuthAuthorizePath:
Type: String
Default: /login/oauth/authorize
OAuthTokenPath:
Type: String
Default: /login/oauth/access_token
# Netlify stack config
NetlifyStackName:
Type: String
Description: Name of the stack exporting a Rest API ID for a self-hosted Netlify CMS.
Default: NetlifyCMSAuth
Conditions:
HasApiDomain: !Not [!Equals [!Ref ApiDomain, '']]
HasApiSubdomain: !Not [!Equals [!Ref ApiSubdomain, '']]
HasCertificate: !Not [!Equals [!Ref CertificateArn, '']]
HasCustomApiDomain: !And
- !Condition HasApiDomain
- !Condition HasCertificate
CreateRecordSetGroup: !And
- !Condition HasCustomApiDomain
- !Equals [!Ref Route53Dns, 'true']
Resources:
Deployment:
Type: AWS::ApiGateway::Deployment
Properties:
RestApiId:
Fn::ImportValue: !Sub '${NetlifyStackName}-RestApiId'
StageName: !Ref AWS::StackName
StageDescription:
ThrottlingRateLimit: 100
ThrottlingBurstLimit: 50
LoggingLevel: ERROR
Variables:
CLIENT_ID: !Select [0, !Ref ClientAuth]
CLIENT_SECRET: !Select [1, !Ref ClientAuth]
DOMAIN: !Ref HostDomain
GIT_HOSTNAME: !Ref GitHostname
OAUTH_AUTHORIZE_PATH: !Ref OAuthAuthorizePath
OAUTH_PROVIDER: !Ref OAuthProvider
OAUTH_SCOPES: !Ref OAuthScopes
OAUTH_TOKEN_PATH: !Ref OAuthTokenPath
DomainName: # TODO conditionally create if none provided
Type: AWS::ApiGateway::DomainName
Condition: HasCustomApiDomain
Properties:
CertificateArn: !Ref CertificateArn
DomainName: !If [HasApiSubdomain, !Sub '${ApiSubdomain}.${ApiDomain}', !Ref ApiDomain]
EndpointConfiguration:
Types:
- EDGE
SecurityPolicy: TLS_1_2
BasePathMapping:
Type: AWS::ApiGateway::BasePathMapping
Condition: HasCustomApiDomain
Properties:
RestApiId:
Fn::ImportValue: !Sub '${NetlifyStackName}-RestApiId'
DomainName: !Ref DomainName
Stage: !Ref AWS::StackName
BasePath: !Ref ApiBasePath
RecordSetGroup:
Type: AWS::Route53::RecordSetGroup
Condition: CreateRecordSetGroup
Properties:
HostedZoneName: !Sub '${ApiDomain}.'
RecordSets:
- Name: !If [HasApiSubdomain, !Sub '${ApiSubdomain}.${ApiDomain}', !Ref ApiDomain]
Type: A
AliasTarget:
HostedZoneId: !GetAtt DomainName.DistributionHostedZoneId
DNSName: !GetAtt DomainName.DistributionDomainName
Outputs:
DeploymentId:
Value: !Ref Deployment # only value exported from api deployment
DeploymentStageName:
Value: !Ref AWS::StackName
DeploymentPath:
Condition: HasCustomApiDomain
Value: !Ref ApiBasePath
ApiDomainName:
Condition: HasCustomApiDomain
Value: !Ref DomainName
DistributionHostedZone:
Condition: HasCustomApiDomain
Value: !GetAtt DomainName.DistributionHostedZoneId
DistributionDomainName:
Condition: HasCustomApiDomain
Value: !GetAtt DomainName.DistributionDomainName