getlift / lift

Expanding Serverless Framework beyond functions using the AWS CDK
MIT License

[Static Website] Integrate automatic domain DNS mapping within Route53 #84

Open devsdevsdevs opened 3 years ago

devsdevsdevs commented 3 years ago

I am currently using the static website Serverless component found at https://github.com/serverless-components/website. It automatically sets up custom domain mappings with the CloudFront CNAME if you are using Route53. Would it be possible to enable this feature here? I want to migrate to Lift as the Serverless component framework is restrictive in that I cannot use additional plugins etc.

mnapoli commented 3 years ago

Continuing the discussion from #92.

One challenge is helping to set up the ACM certificate. Route53 can then be set up using CDK/CloudFormation AFAICT.

The certificate could be created via SDK calls. Here is an idea how, as a user, this could work:

```
$ npm i serverless-lift

# edit serverless.yml to add website with custom domain

$ serverless deploy
...
Error: The 'landing' website uses a custom domain (mywebsite.com), but no HTTPS certificate was found for that domain in ACM (in us-east-1).
Run 'serverless landing:certificate' to set up that certificate interactively.

$ serverless landing:certificate

# if no certificate exists
No HTTPS certificate matching 'mywebsite.com' was found in ACM in us-east-1.
To create a certificate manually in the AWS console, stop this command and follow that link: https://...
We can also create that certificate interactively:
How do you want to validate the domain?
- Email validation (...)
- DNS validation (...)
OK, creating the certificate.
The certificate has been created. You now need to validate it by email/DNS.
Once validated, you can run 'serverless deploy' and the certificate will automatically be used.
# exit

# if a certificate exists but isn't validated
A matching HTTPS certificate exists in ACM in the us-east-1 region: mywebsite.com / *.mywebsite.com
However, that certificate is not validated yet.
More details in the AWS Console: https://...
# exit

# if a certificate exists and is validated
A matching HTTPS certificate exists in ACM in the us-east-1 region: mywebsite.com / *.mywebsite.com
This certificate will automatically be used by Lift.
```

WDYT?

Is there any way to make it simpler with fewer steps?

Note: I'm afraid of adding interactive steps in serverless deploy directly, I don't really want to hijack the default behavior.
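The three branches of the command proposed in the comment above (no certificate, certificate not validated, certificate usable) can be decided from certificate metadata alone. The following is an added example, not code from this thread or from Lift: the function names are hypothetical, the input objects are constructed and assumed to carry the fields ACM's DescribeCertificate returns (`DomainName`, `SubjectAlternativeNames`, `Status`, `CertificateArn`), and the account ID and certificate IDs are placeholders.

```javascript
// Added example with hypothetical helper names; no AWS calls are made.

// A wildcard name covers exactly one extra label: *.example.com matches
// www.example.com, but neither example.com nor a.b.example.com.
function nameCovers(certName, domain) {
  const c = certName.toLowerCase().replace(/\.$/, '');
  const d = domain.toLowerCase().replace(/\.$/, '');
  if (!c.startsWith('*.')) return c === d;
  const dot = d.indexOf('.');
  return dot > 0 && d.slice(dot + 1) === c.slice(2);
}

// True if the certificate's subject or any SAN covers the domain.
function certCovers(cert, domain) {
  const names = [cert.DomainName, ...(cert.SubjectAlternativeNames || [])];
  return names.some((n) => typeof n === 'string' && nameCovers(n, domain));
}

// Returns which branch of the proposed command applies to `domain`.
function classify(certs, domain) {
  const matching = certs.filter((c) => certCovers(c, domain));
  const issued = matching.find((c) => c.Status === 'ISSUED');
  if (issued) return { state: 'usable', arn: issued.CertificateArn };
  const pending = matching.find((c) => c.Status === 'PENDING_VALIDATION');
  if (pending) return { state: 'not-validated', arn: pending.CertificateArn };
  // EXPIRED, REVOKED, FAILED, etc. are treated as if no certificate existed.
  return { state: 'missing', arn: null };
}

// Constructed sample data (placeholder account ID and certificate IDs).
const ARN = 'arn:aws:acm:us-east-1:111111111111:certificate/';
const sampleCerts = [
  { CertificateArn: ARN + 'expired-example', DomainName: 'mywebsite.com',
    SubjectAlternativeNames: ['mywebsite.com'], Status: 'EXPIRED' },
  { CertificateArn: ARN + 'pending-example', DomainName: 'mywebsite.com',
    SubjectAlternativeNames: ['mywebsite.com', '*.mywebsite.com'],
    Status: 'PENDING_VALIDATION' },
  { CertificateArn: ARN + 'wildcard-example', DomainName: '*.mywebsite.com',
    SubjectAlternativeNames: ['*.mywebsite.com'], Status: 'ISSUED' },
];

for (const d of ['mywebsite.com', 'www.mywebsite.com', 'a.b.mywebsite.com']) {
  console.log(d, classify(sampleCerts, d).state);
}
```

An issued wildcard-only certificate does not cover the apex domain, so `mywebsite.com` lands in the "not validated" branch here even though an `ISSUED` certificate exists for `*.mywebsite.com`.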

bobwallis commented 2 years ago

For anyone coming across this... This is achievable using Lift plus only one extra plugin.

Certificate creation can be handled using https://www.serverless.com/plugins/serverless-certificate-creator

You can then access the certificate ARN in the Lift configuration like this:

```yaml
constructs:
  website:
    type: server-side-website
    domain: ${env:DOMAIN}
    certificate: ${certificate(${self:custom.customCertificate.certificateName}):CertificateArn}
```

And then the Route53 records to link the domain to the CloudFront distribution can just be created in the usual Serverless resources: section, something like this:

```yaml
resources:
  Resources:
    Route53Record0:
      Type: AWS::Route53::RecordSet
      Properties:
        HostedZoneId: ${env:HOSTED_ZONE_ID}
        Name: ${env:DOMAIN}
        Type: A
        AliasTarget:
          HostedZoneId: Z2FDTNDATAQYW2 # Cloudfront Route53 HostedZoneId. This does not change.
          DNSName: ${construct:website.cname}
```