39 changes: 22 additions & 17 deletions templates/git2s3.template.yaml
Expand Up @@ -140,6 +140,8 @@ Resources:
Type: AWS::S3::Bucket
Properties:
Tags: []
VersioningConfiguration:
Status: Enabled

CopyZips:
Type: AWS::CloudFormation::CustomResource
Expand All @@ -164,7 +166,7 @@ Resources:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Path: /
Policies:
- PolicyName: lambda-copier
Expand All @@ -182,7 +184,7 @@ Resources:
- s3:PutObject
- s3:DeleteObject
Resource:
- !Sub 'arn:aws:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*'
- !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*'
- Effect: Allow
Action:
- s3:*
Expand Down Expand Up @@ -261,6 +263,8 @@ Resources:
Type: AWS::S3::Bucket
Properties:
Tags: []
VersioningConfiguration:
Status: Enabled

OutputBucket:
Type: AWS::S3::Bucket
Expand All @@ -276,7 +280,8 @@ Resources:
KMSKey:
Type: AWS::KMS::Key
Properties:
Description: AWS KWS key to encrypt and decrypt SSH keys stored in S3.
Description: AWS KWS key to encrypt and decrypt SSH keys stored in S3.
EnableKeyRotation: true
KeyPolicy:
Version: '2012-10-17'
Statement:
Expand Down Expand Up @@ -336,7 +341,7 @@ Resources:
Condition:
Bool:
kms:GrantIsForAWSResource: true

CreateSSHKeyRole:
Type: AWS::IAM::Role
Properties:
Expand Down Expand Up @@ -382,8 +387,8 @@ Resources:
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- arn:aws:logs:*:*:*
- !Sub arn:${AWS::Partition}:logs:*:*:*

CreateSSHKeyLambda:
DependsOn: CopyZips
Type: AWS::Lambda::Function
Expand All @@ -396,7 +401,7 @@ Resources:
Code:
S3Bucket: !Ref 'LambdaZipsBucket'
S3Key: !Sub '${QSS3KeyPrefix}functions/packages/CreateSSHKey/lambda.zip'

CreateSSHKey:
Type: AWS::CloudFormation::CustomResource
Version: '1.0'
Expand All @@ -405,7 +410,7 @@ Resources:
KeyBucket: !Ref 'KeyBucket'
Region: !Ref 'AWS::Region'
KMSKey: !Ref 'KMSKey'

DeleteBucketContentsRole:
Type: AWS::IAM::Role
Properties:
Expand Down Expand Up @@ -451,7 +456,7 @@ Resources:
- logs:PutLogEvents
Resource:
- arn:aws:logs:*:*:*

DeleteBucketContentsLambda:
DependsOn: CopyZips
Type: AWS::Lambda::Function
Expand All @@ -464,7 +469,7 @@ Resources:
Code:
S3Bucket: !Ref 'LambdaZipsBucket'
S3Key: !Sub '${QSS3KeyPrefix}functions/packages/DeleteBucketContents/lambda.zip'

DeleteBucketContents:
Type: AWS::CloudFormation::CustomResource
Version: '1.0'
Expand All @@ -484,13 +489,13 @@ Resources:
Statement:
- Effect: "Allow"
Principal:
Service: "codebuild.amazonaws.com"
Action:
Service: "codebuild.amazonaws.com"
Action:
- "sts:AssumeRole"
Path: "/"
ManagedPolicyArns:
- !Ref CodeBuildEndpointPolicy
Tags:
Tags:
-
Key: 'tagging-policy'
Value: !Join ['-', ["test", "ok"]]
Expand All @@ -500,13 +505,13 @@ Resources:
Properties:
Description: Policy with base permissions for CodeBuild.
Path: /
Roles:
Roles:
- !Ref CodeBuildServiceRole
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: "Allow"
Action:
Action:
- "logs:CreateLogGroup"
- "logs:PutLogEvents"
- "logs:CreateLogStream"
Expand Down Expand Up @@ -680,7 +685,7 @@ Resources:
- mv ./enc_key.pem ~/.ssh/id_rsa
- ls ~/.ssh/
- echo "Setting SSH config profile"
- |
- |
cat > ~/.ssh/config <<EOF
Host *
AddKeysToAgent yes
Expand All @@ -695,7 +700,7 @@ Resources:
- |
if [ "$exclude_git" = "True" ]; then
zip -r $outputbucketkey ./ -x '*.git*'
else
else
zip -r $outputbucketkey ./
fi
- ls -alh
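Review bot: As rendered, the new ManagedPolicyArns entry in the -164 hunk reads `- Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` with no `!` tag and no closing quote; if the committed file really has that, the value is the plain string `Sub 'arn:...` and CloudFormation will reject it as an ARN, so it should match the other new lines, `- !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'`. The same partition fix was not applied to DeleteBucketContentsRole, whose Resource in the -451 hunk still reads `- arn:aws:logs:*:*:*`, so that role remains hard-wired to the `aws` partition; change it to `- !Sub arn:${AWS::Partition}:logs:*:*:*` as CreateSSHKeyRole now does. While touching those lines, `logs:*:*:*` allows the log actions on every log group in every account and region; scoping to the stack's own account and region (`!Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*`) is the usual least-privilege form. The KMSKey Description in the -276 hunk still says `AWS KWS key`; `AWS KMS key` is presumably what was intended.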