---
AWSTemplateFormatVersion: '2010-09-09'
Description: ALB with HTTPS listener and fixed response (using lookup for R53 zone id)

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "ALB Configuration"
        Parameters:
          - VPCID
          - Subnets
          - R53Zone

Parameters:
  VPCID:
    Type: AWS::EC2::VPC::Id
    Description: VPCID
  Subnets:
    # Fn::ValueOf in the SubnetsInVPC rule reads the VpcId attribute,
    # which requires the AWS-specific subnet list type.
    Type: List<AWS::EC2::Subnet::Id>
    Description: Public Subnets (min 2) from VPC
  R53Zone:
    Type: String
    Description: R53 Domain for ALB DNS entry
    Default: domain.without.dot.in.the.end.com
  ResourceLookupRoleArn:
    Type: String
    Description: Role ARN for Resource::Lookup
    Default: arn:aws:iam::123456789012:role/example-resource-lookup-role-ResourceLookupRole-DEADBEEF1234

Rules:
  # Reject the stack before any resource is created if a subnet belongs to another VPC.
  SubnetsInVPC:
    Assertions:
      - Assert:
          Fn::EachMemberIn:
            - Fn::ValueOf:
                - Subnets
                - VpcId
            - - !Ref VPCID
        AssertDescription: All subnets must be within the given VPC

Outputs:
  URL:
    Description: ALB URL
    Value: !Sub 'https://${AWS::StackName}.${R53Zone}/'

Resources:
  # Resolve the hosted zone ID from the zone name (hosted zone names end with a dot).
  ZoneLookup:
    Type: AwsCommunity::Resource::Lookup
    Properties:
      JmesPathQuery: !Sub "Name == '${R53Zone}.'"
      ResourceLookupRoleArn: !Ref 'ResourceLookupRoleArn'
      TypeName: AWS::Route53::HostedZone

  # Alias record <stack name>.<zone> pointing at the ALB.
  R53Record:
    Type: AWS::Route53::RecordSet
    Properties:
      Type: A
      AliasTarget:
        HostedZoneId: !GetAtt ALB.CanonicalHostedZoneID
        DNSName: !GetAtt ALB.DNSName
      Comment: !Sub '${AWS::StackName} ALB alias'
      HostedZoneId: !GetAtt ZoneLookup.ResourceIdentifier
      Name: !Sub '${AWS::StackName}.${R53Zone}.'

  # ACM certificate, DNS-validated in the looked-up hosted zone.
  SSLCert:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName: !Sub '${AWS::StackName}.${R53Zone}'
      DomainValidationOptions:
        - DomainName: !Sub '${AWS::StackName}.${R53Zone}'
          HostedZoneId: !GetAtt ZoneLookup.ResourceIdentifier
      ValidationMethod: DNS

  ALB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      Subnets: !Ref Subnets
      SecurityGroups:
        - !Ref ALBSecGroup

  # Only TCP 443 is opened towards the ALB.
  ALBSecGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "${AWS::StackName} ALB, allow port 443 from"
      SecurityGroupIngress:
        - CidrIp:  # no value given here; set the CIDR range allowed to reach port 443
          FromPort: 443
          ToPort: 443
          IpProtocol: tcp
      VpcId: !Ref VPCID

  # HTTPS listener that answers every request with a fixed response.
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      DefaultActions:
        - Type: fixed-response
          Order: 1
          FixedResponseConfig:
            ContentType: text/html
            StatusCode: 200
            MessageBody: "Hello

              Hello World!

              "
      LoadBalancerArn: !Ref ALB
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: !Ref SSLCert