This page showcases a series of AWS CloudFormation templates I wrote from scratch to provision secure, scalable infrastructure. These templates were built as part of my DevOps learning journey and reflect production-level practices such as Origin Access Identity (OAI), secure S3 bucket policies, and automated deployments.
This template provisions a private S3 bucket, a CloudFront distribution with Origin Access Identity (OAI), and a secure bucket policy. It enables global, HTTPS-accessible static site hosting with fine-grained access control.
Key Services: S3, CloudFront, OAI, BucketPolicy
Live Demo: View Deployed Site
GitHub Repository: Static Site Template
CREATE_FAILED error by using DependsOn to ensure the S3 bucket was created before the policy applied
Resource to use /* to grant object-level access
Coming soon: additional templates including
This is a snippet from the static website template:
Resources:
  # Private bucket: all four public access block settings are enabled
  MyStaticWebsite:
    Type: AWS::S3::Bucket
    Properties:
      WebsiteConfiguration:
        IndexDocument: index.html
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # Identity that CloudFront uses to read from the bucket
  MyOAI:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: Access Identity For The S3 Bucket
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    # Create the bucket before the policy is applied
    DependsOn: MyStaticWebsite
    Properties:
      Bucket:
        Ref: MyStaticWebsite
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: s3:GetObject
            # Object ARN (/*), because s3:GetObject is an object-level action
            Resource:
              Fn::Sub: arn:aws:s3:::${MyStaticWebsite}/*
            # Only the OAI's canonical user may read objects
            Principal:
              CanonicalUser:
                Fn::GetAtt: [MyOAI, S3CanonicalUserId]
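
The three properties this snippet relies on (a fully enabled public access block, a policy principal limited to the OAI, and an object-level `/*` resource for `s3:GetObject`) can be checked before deployment. The following is an added example, not part of the original template or repository: it reviews a template already parsed into a Python dict, and its rule set, function names and sample templates are assumptions constructed for illustration.

```python
# Added example, not from the original template. Rule set and names are assumptions.
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def as_list(value):
    return value if isinstance(value, list) else [value]

def arn_text(resource):
    """ARN string from a literal or Fn::Sub; other intrinsics return '' and are skipped."""
    if isinstance(resource, dict) and "Fn::Sub" in resource:
        sub = resource["Fn::Sub"]
        return sub[0] if isinstance(sub, list) else sub
    return resource if isinstance(resource, str) else ""

def review_template(template):
    """Return findings for S3 buckets and bucket policies in a parsed template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            off = [f for f in PAB_FLAGS if str(pab.get(f)).lower() != "true"]
            if off:
                findings.append(f"{name}: public access block not enabled for {off}")
        elif res.get("Type") == "AWS::S3::BucketPolicy":
            for stmt in as_list(props.get("PolicyDocument", {}).get("Statement", [])):
                if stmt.get("Effect") != "Allow":
                    continue
                principal = stmt.get("Principal")
                aws = principal.get("AWS", []) if isinstance(principal, dict) else []
                if principal == "*" or "*" in as_list(aws):
                    findings.append(f"{name}: Allow statement open to any principal")
                actions = set(as_list(stmt.get("Action", [])))
                for resource in as_list(stmt.get("Resource", [])):
                    arn = arn_text(resource)
                    if arn and actions & OBJECT_ACTIONS and "/" not in arn.split(":::", 1)[-1]:
                        findings.append(f"{name}: object action on bucket ARN, append '/*'")
    return findings

def make_template(resource_arn, principal, pab_on=True):
    """Constructed sample shaped like the snippet on this page."""
    return {"Resources": {
        "MyStaticWebsite": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {f: pab_on for f in PAB_FLAGS}}},
        "BucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
            "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
                "Effect": "Allow", "Action": "s3:GetObject",
                "Resource": {"Fn::Sub": resource_arn}, "Principal": principal}]}}}}}

OAI = {"CanonicalUser": {"Fn::GetAtt": ["MyOAI", "S3CanonicalUserId"]}}
print(review_template(make_template("arn:aws:s3:::${MyStaticWebsite}/*", OAI)))
print(review_template(make_template("arn:aws:s3:::${MyStaticWebsite}", "*", pab_on=False)))
```

The first call mirrors the snippet above and returns no findings; the second is a constructed misconfiguration that trips all three checks.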