diff --git a/301-Using-S3-Lifecycle-Policies-to-Reduce-Storage-Costs/lifecycle-rule.json b/301-Using-S3-Lifecycle-Policies-to-Reduce-Storage-Costs/lifecycle-rule.json
index 9241d3c..d9bfdce 100644
--- a/301-Using-S3-Lifecycle-Policies-to-Reduce-Storage-Costs/lifecycle-rule.json
+++ b/301-Using-S3-Lifecycle-Policies-to-Reduce-Storage-Costs/lifecycle-rule.json
@@ -12,4 +12,8 @@
 ]
 }
 ]
-}
\ No newline at end of file
+<<<<<<< HEAD
+}
+=======
+}
+>>>>>>> d0119e3 (Updated READMEs)
diff --git a/302-Using-S3-Intelligent-Tiering/tiering.json b/302-Using-S3-Intelligent-Tiering/tiering.json
index e8485fe..79f43ee 100644
--- a/302-Using-S3-Intelligent-Tiering/tiering.json
+++ b/302-Using-S3-Intelligent-Tiering/tiering.json
@@ -1,4 +1,5 @@
 {
+<<<<<<< HEAD
 "IntelligentTieringConfiguration": {
 "Id": "awscookbook302",
 "Status": "Enabled",
@@ -9,4 +10,15 @@
 }
 ]
 }
-}
\ No newline at end of file
+}
+=======
+ "Id": "awscookbook302",
+ "Status": "Enabled",
+ "Tierings": [
+ {
+ "Days": 90,
+ "AccessTier": "ARCHIVE_ACCESS"
+ }
+ ]
+}
+>>>>>>> d0119e3 (Updated READMEs)
diff --git a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/.gitignore b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/.gitignore
new file mode 100644
index 0000000..ccf9ec9
--- /dev/null
+++ b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/.gitignore
@@ -0,0 +1,3 @@
+s3-perms-policy.json
+s3-replication.json
+.venv
\ No newline at end of file
diff --git a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy-template.json b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy-template.json
index 4765a3f..6a8415a 100644
--- a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy-template.json
+++ b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy-template.json
@@ -1,4 +1,5 @@
 {
+<<<<<<< HEAD
 "Version":"2012-10-17",
 "Statement":[
 {
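Review bot: The lifecycle-rule.json hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> d0119e3 (Updated READMEs)`) as added lines, so the file no longer parses as JSON and any command that loads it will fail. The same markers are added in tiering.json, s3-perms-policy-template.json, s3-perms-policy.json, s3-replication-template.json, s3-replication.json and cdk_aws_cookbook_305_stack.py. In lifecycle-rule.json both sides of the conflict are the single line `}`, so the resolution is to keep one `}` and drop the three marker lines. A pre-commit or CI check that rejects lines starting with `<<<<<<<` or `>>>>>>>` would keep this from landing again.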
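Review bot: In tiering.json the two sides of the committed conflict are not equivalent: the HEAD side nests `Id`, `Status` and `Tierings` under `"IntelligentTieringConfiguration"`, while the incoming side puts them at the top level. Resolving it therefore needs a decision, not just marker removal. If the file is passed as the `--intelligent-tiering-configuration` value of `aws s3api put-bucket-intelligent-tiering-configuration`, that option takes the unwrapped structure, so the incoming side looks like the one to keep; confirm against the recipe's README.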
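Review bot: Adding `s3-perms-policy.json` and `s3-replication.json` to the recipe 303 .gitignore does not stop Git from tracking them, and this same commit still modifies both files with account-specific values (bucket names ending in `b0jeyb`, role ARNs carrying 12-digit account IDs). Ignore rules only apply to untracked paths, so the generated files also need `git rm --cached s3-perms-policy.json s3-replication.json` in that directory. Recipe 305 gets this right in the same commit by deleting app-1-policy.json and app-2-policy.json alongside its .gitignore change.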
@@ -34,4 +35,40 @@
 }
 ]
 }
-
\ No newline at end of file
+
+=======
+ "Version":"2012-10-17",
+ "Statement":[
+ {
+ "Effect":"Allow",
+ "Action":[
+ "s3:GetObjectVersionForReplication",
+ "s3:GetObjectVersionAcl",
+ "s3:GetObjectVersionTagging"
+ ],
+ "Resource":[
+ "arn:aws:s3:::SRCBUCKET/*"
+ ]
+ },
+ {
+ "Effect":"Allow",
+ "Action":[
+ "s3:ListBucket",
+ "s3:GetReplicationConfiguration"
+ ],
+ "Resource":[
+ "arn:aws:s3:::SRCBUCKET"
+ ]
+ },
+ {
+ "Effect":"Allow",
+ "Action":[
+ "s3:ReplicateObject",
+ "s3:ReplicateDelete",
+ "s3:ReplicateTags"
+ ],
+ "Resource":"arn:aws:s3:::DSTBUCKET/*"
+ }
+ ]
+ }
+>>>>>>> d0119e3 (Updated READMEs)
diff --git a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy.json b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy.json
index 9cff641..a7176b5 100644
--- a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy.json
+++ b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-perms-policy.json
@@ -1,4 +1,5 @@
 {
+<<<<<<< HEAD
 "Version":"2012-10-17",
 "Statement":[
 {
@@ -34,4 +35,40 @@
 }
 ]
 }
-
\ No newline at end of file
+
+=======
+ "Version":"2012-10-17",
+ "Statement":[
+ {
+ "Effect":"Allow",
+ "Action":[
+ "s3:GetObjectVersionForReplication",
+ "s3:GetObjectVersionAcl",
+ "s3:GetObjectVersionTagging"
+ ],
+ "Resource":[
+ "arn:aws:s3:::awscookbook303-src-b0jeyb/*"
+ ]
+ },
+ {
+ "Effect":"Allow",
+ "Action":[
+ "s3:ListBucket",
+ "s3:GetReplicationConfiguration"
+ ],
+ "Resource":[
+ "arn:aws:s3:::awscookbook303-src-b0jeyb"
+ ]
+ },
+ {
+ "Effect":"Allow",
+ "Action":[
+ "s3:ReplicateObject",
+ "s3:ReplicateDelete",
+ "s3:ReplicateTags"
+ ],
+ "Resource":"arn:aws:s3:::awscookbook303-dst-b0jeyb/*"
+ }
+ ]
+ }
+>>>>>>> d0119e3 (Updated READMEs)
diff --git a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication-template.json b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication-template.json
index b932188..8dd441f 100644
--- a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication-template.json
+++ b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication-template.json
@@ -1,4 +1,5 @@
 {
+<<<<<<< HEAD
 "Rules": [
 {
 "Status": "Enabled",
@@ -25,4 +26,35 @@
 }
 ],
 "Role": "ROLEARN"
-}
\ No newline at end of file
+}
+=======
+ "Rules": [
+ {
+ "Status": "Enabled",
+ "Filter": {
+ "Prefix": ""
+ },
+ "Destination": {
+ "Bucket": "arn:aws:s3:::DSTBUCKET",
+ "Metrics": {
+ "Status": "Enabled",
+ "EventThreshold": {
+ "Minutes": 15
+ }
+ },
+ "ReplicationTime": {
+ "Status": "Enabled",
+ "Time": {
+ "Minutes": 15
+ }
+ }
+ },
+ "DeleteMarkerReplication": {
+ "Status": "Disabled"
+ },
+ "Priority": 1
+ }
+ ],
+ "Role": "ROLEARN"
+}
+>>>>>>> d0119e3 (Updated READMEs)
diff --git a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication.json b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication.json
index b8c7a07..b29715b 100644
--- a/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication.json
+++ b/303-Replicating-S3-Buckets-to-Meet-Recovery-Point-Objectives/s3-replication.json
@@ -1,4 +1,5 @@
 {
+<<<<<<< HEAD
 "Rules": [
 {
 "Status": "Enabled",
@@ -25,4 +26,35 @@
 }
 ],
 "Role": "arn:aws:iam::611652777867:role/AWSCookbook303S3Role"
-}
\ No newline at end of file
+}
+=======
+ "Rules": [
+ {
+ "Status": "Enabled",
+ "Filter": {
+ "Prefix": ""
+ },
+ "Destination": {
+ "Bucket": "arn:aws:s3:::awscookbook303-dst-b0jeyb",
+ "Metrics": {
+ "Status": "Enabled",
+ "EventThreshold": {
+ "Minutes": 15
+ }
+ },
+ "ReplicationTime": {
+ "Status": "Enabled",
+ "Time": {
+ "Minutes": 15
+ }
+ }
+ },
+ "DeleteMarkerReplication": {
+ "Status": "Disabled"
+ },
+ "Priority": 1
+ }
+ ],
+ "Role": "arn:aws:iam::664865145641:role/AWSCookbook303S3Role"
+}
+>>>>>>> d0119e3 (Updated READMEs)
diff --git a/305-Configuring-Application-Specific-Access-to-S3/.gitignore b/305-Configuring-Application-Specific-Access-to-S3/.gitignore
index 0b28ff9..98bd9f5 100644
--- a/305-Configuring-Application-Specific-Access-to-S3/.gitignore
+++ b/305-Configuring-Application-Specific-Access-to-S3/.gitignore
@@ -1 +1,3 @@
-Recipe304Test.txt
\ No newline at end of file
+Recipe304Test.txt
+app-1-policy.json
+app-2-policy.json
diff --git a/305-Configuring-Application-Specific-Access-to-S3/app-1-policy.json b/305-Configuring-Application-Specific-Access-to-S3/app-1-policy.json
deleted file mode 100644
index ef65e3c..0000000
--- a/305-Configuring-Application-Specific-Access-to-S3/app-1-policy.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "Version":"2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "AWS": "arn:aws:iam::611652777867:role/cdk-aws-cookbook-305-Instance1SSM06992D3D-16JUFT85L20KQ"
- },
- "Action": ["s3:GetObject","s3:PutObject"],
- "Resource": "arn:aws:s3:us-east-1:611652777867:accesspoint/cookbook305-app-1/object/*"
- }]
-}
diff --git a/305-Configuring-Application-Specific-Access-to-S3/app-2-policy.json b/305-Configuring-Application-Specific-Access-to-S3/app-2-policy.json
deleted file mode 100644
index 3d74cb8..0000000
--- a/305-Configuring-Application-Specific-Access-to-S3/app-2-policy.json
+++ /dev/null
@@ -1,12 +0,0 @@ -{ - "Version":"2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::611652777867:role/cdk-aws-cookbook-305-Instance2SSM9F9326DF-VOW0VSVV79RU" - }, - "Action": ["s3:GetObject"], - "Resource": "arn:aws:s3:us-east-1:611652777867:accesspoint/cookbook305-app-2/object/*" - }] -} diff --git a/305-Configuring-Application-Specific-Access-to-S3/cdk-AWS-Cookbook-305/cdk_aws_cookbook_305/cdk_aws_cookbook_305_stack.py b/305-Configuring-Application-Specific-Access-to-S3/cdk-AWS-Cookbook-305/cdk_aws_cookbook_305/cdk_aws_cookbook_305_stack.py index 6543e96..b9baea6 100644 --- a/305-Configuring-Application-Specific-Access-to-S3/cdk-AWS-Cookbook-305/cdk_aws_cookbook_305/cdk_aws_cookbook_305_stack.py +++ b/305-Configuring-Application-Specific-Access-to-S3/cdk-AWS-Cookbook-305/cdk_aws_cookbook_305/cdk_aws_cookbook_305_stack.py @@ -91,7 +91,7 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: iam_role1 = iam.Role(self, "Instance1SSM", assumed_by=iam.ServicePrincipal("ec2.amazonaws.com")) - iam_role1.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("service-role/AmazonEC2RoleforSSM")) + iam_role1.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore")) instance1 = ec2.Instance( self, @@ -104,7 +104,11 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None: iam_role2 = iam.Role(self, "Instance2SSM", assumed_by=iam.ServicePrincipal("ec2.amazonaws.com")) +<<<<<<< HEAD iam_role2.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("service-role/AmazonEC2RoleforSSM")) +======= + iam_role2.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore")) +>>>>>>> d0119e3 (Updated READMEs) instance2 = ec2.Instance( self, diff --git a/306-Using-Amazon-S3-Bucket-Keys-with-KMS/.gitignore b/306-Using-Amazon-S3-Bucket-Keys-with-KMS/.gitignore new file mode 100644 index 0000000..4b89b39 
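Review bot: The `iam_role2` hunk in cdk_aws_cookbook_305_stack.py keeps `service-role/AmazonEC2RoleforSSM` on the HEAD side of an unresolved conflict, while the `iam_role1` hunk just above it cleanly switches to `AmazonSSMManagedInstanceCore`. As committed, the marker lines make the module a syntax error, and resolving to HEAD would leave instance 2 on the older managed policy, which as far as I know also grants S3 object read/write on all resources and so would undercut a recipe about application-specific S3 access. The resolved line should be `iam_role2.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore"))`. `__init__` starts and ends outside both hunks, so the rest of the role setup is not visible here.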
--- /dev/null
+++ b/306-Using-Amazon-S3-Bucket-Keys-with-KMS/.gitignore
@@ -0,0 +1 @@
+bucket-policy.json
\ No newline at end of file
diff --git a/306-Using-Amazon-S3-Bucket-Keys-with-KMS/book_cover.png b/306-Using-Amazon-S3-Bucket-Keys-with-KMS/book_cover.png
new file mode 100644
index 0000000..467f3b4
Binary files /dev/null and b/306-Using-Amazon-S3-Bucket-Keys-with-KMS/book_cover.png differ
diff --git a/306-Using-Amazon-S3-Bucket-Keys-with-KMS/bucket-policy-template.json b/306-Using-Amazon-S3-Bucket-Keys-with-KMS/bucket-policy-template.json
new file mode 100644
index 0000000..97ca626
--- /dev/null
+++ b/306-Using-Amazon-S3-Bucket-Keys-with-KMS/bucket-policy-template.json
@@ -0,0 +1,18 @@
+{
+ "Version":"2012-10-17",
+ "Id":"PutObjectPolicy",
+ "Statement":[{
+ "Sid":"DenyUnEncryptedObjectUploads",
+ "Effect":"Deny",
+ "Principal":"*",
+ "Action":"s3:PutObject",
+ "Resource":"arn:aws:s3:::BUCKET_NAME/*",
+ "Condition":{
+ "StringNotEquals":{
+ "s3:x-amz-server-side-encryption":"aws:kms"
+ }
+ }
+ }
+ ]
+ }
+
\ No newline at end of file
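Review bot: The `DenyUnEncryptedObjectUploads` statement in bucket-policy-template.json only checks that `s3:x-amz-server-side-encryption` is `aws:kms`; it does not constrain which KMS key is used, so an upload encrypted under any key the caller can use still passes. If the recipe intends every object to be protected by one key, add a second Deny on `s3:x-amz-server-side-encryption-aws-kms-key-id`, with the key ARN substituted the same way as `BUCKET_NAME` (the `KMS_KEY_ARN` below is a placeholder). Requests that omit the key-id header would also be denied by that statement, so check it against how the recipe uploads objects before adopting it.

```json
{
  "Sid":"DenyWrongKmsKey",
  "Effect":"Deny",
  "Principal":"*",
  "Action":"s3:PutObject",
  "Resource":"arn:aws:s3:::BUCKET_NAME/*",
  "Condition":{
    "StringNotEquals":{
      "s3:x-amz-server-side-encryption-aws-kms-key-id":"KMS_KEY_ARN"
    }
  }
}
```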