AWS S3 bucket with encryption and backups.
Install Node.js and npm first!
npm i @cfn-modules/s3-bucket
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Bucket:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
KmsKeyModule: !GetAtt 'Key.Outputs.StackName' # optional
BucketName: '' # optional
Access: Private # optional
Versioning: 'true' # optional
NoncurrentVersionExpirationInDays: '0' # optional
ExpirationInDays: '0' # optional
LambdaEventTargetLambdaModule1: '' # optional
LambdaEventType1: 's3:ObjectCreated:*' # optional
LambdaEventTargetLambdaModule2: '' # optional
LambdaEventType2: 's3:ObjectRemoved:*' # optional
LambdaEventTargetLambdaModule3: '' # optional
LambdaEventType3: 's3:ReducedRedundancyLostObject' # optional
TemplateURL: './node_modules/@cfn-modules/s3-bucket/module.yml'
Name | Description | Default | Required? | Allowed values |
---|---|---|---|---|
KmsKeyModule | Stack name of kms-key module (only works in combination with Access := [Private, PublicRead]) | no | ||
BucketName | name of the bucket | auto generated value | no | |
Access | Access policy of the bucket | Private | no | [Private, PublicRead, CloudFrontRead, ElbAccessLogWrite, ConfigWrite, CloudTrailWrite] |
Versioning | Enable versioning to keep a backup if objects change | true | no | [true, false, 'false-but-was-true'] |
NoncurrentVersionExpirationInDays | Remove noncurrent object versions after days (set to 0 to disable) | 0 | no | [0-N] |
ExpirationInDays | Remove objects after days (set to 0 to disable). | 0 | no | [0-N] |
LambdaEventTargetLambdaModule1 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | no | ||
LambdaEventType1 | S3 bucket events you want to receive (can not be the same as LambdaEventType2 or LambdaEventType3) | s3:ObjectCreated:* | no | Supported event types |
LambdaEventTargetLambdaModule2 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | no | ||
LambdaEventType2 | S3 bucket events you want to receive (can not be the same as LambdaEventType1 or LambdaEventType3) | s3:ObjectRemoved:* | no | Supported event types |
LambdaEventTargetLambdaModule31 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | no | ||
LambdaEventType3 | S3 bucket events you want to receive (can not be the same as LambdaEventType1 or LambdaEventType2) | s3:ReducedRedundancyLostObject | no | Supported event types |
- Secure: Backups are only per object (you can not easily restore the whole bucket to a specific state)
- Secure: If you connect a Lambda function without setting the
BucketName
parameter the least privilege principle is softened: Invocations to the Lambda function are allowed from all S3 buckets inside your AWS account.