cfn-modules: AWS S3 bucket
AWS S3 bucket with encryption and backups.
Install
Install Node.js and npm first!
npm i @cfn-modules/s3-bucket
Usage
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
Bucket:
Type: 'AWS::CloudFormation::Stack'
Properties:
Parameters:
KmsKeyModule: !GetAtt 'Key.Outputs.StackName' # optional
BucketName: '' # optional
Access: Private # optional
Cors: Disabled # optional
Versioning: 'true' # optional
NoncurrentVersionExpirationInDays: '0' # optional
ExpirationInDays: '0' # optional
LambdaEventTargetLambdaModule1: '' # optional
LambdaEventType1: 's3:ObjectCreated:*' # optional
LambdaEventTargetLambdaModule2: '' # optional
LambdaEventType2: 's3:ObjectRemoved:*' # optional
LambdaEventTargetLambdaModule3: '' # optional
LambdaEventType3: 's3:ReducedRedundancyLostObject' # optional
TemplateURL: './node_modules/@cfn-modules/s3-bucket/module.yml'
Examples
Related modules
Parameters
| Name | Description | Default | Required? | Allowed values |
|---|---|---|---|---|
| KmsKeyModule | Stack name of kms-key module (only works in combination with Access := [Private, PublicRead]) | no | ||
| BucketName | name of the bucket | auto generated value | no | |
| Access | Access policy of the bucket | Private | no | [Private, PublicRead, CloudFrontRead, CloudFrontAccessLogWrite, ElbAccessLogWrite, ConfigWrite, CloudTrailWrite, FlowLogWrite, Custom] |
| Cors | CORS policy of the bucket | Disabled | no | [Disabled, AllowAll] |
| Versioning | Enable versioning to keep a backup if objects change | true | no | [true, false, 'false-but-was-true'] |
| NoncurrentVersionExpirationInDays | Remove noncurrent object versions after days (set to 0 to disable) | 0 | no | [0-N] |
| ExpirationInDays | Remove objects after days (set to 0 to disable). | 0 | no | [0-N] |
| LambdaEventTargetLambdaModule1 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | no | ||
| LambdaEventType1 | S3 bucket events you want to receive (can not be the same as LambdaEventType2 or LambdaEventType3) | s3:ObjectCreated:* | no | Supported event types |
| LambdaEventTargetLambdaModule2 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | no | ||
| LambdaEventType2 | S3 bucket events you want to receive (can not be the same as LambdaEventType1 or LambdaEventType3) | s3:ObjectRemoved:* | no | Supported event types |
| LambdaEventTargetLambdaModule31 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | no | ||
| LambdaEventType3 | S3 bucket events you want to receive (can not be the same as LambdaEventType1 or LambdaEventType2) | s3:ReducedRedundancyLostObject | no | Supported event types |
Limitations
- Secure: Backups are only per object (you can not easily restore the whole bucket to a specific state)
- Secure: If you connect a Lambda function without setting the
BucketNameparameter the least privilege principle is softened: Invocations to the Lambda function are allowed from all S3 buckets inside your AWS account.