cfn-modules: AWS S3 bucket

AWS S3 bucket with encryption and backups.

Install

Install Node.js and npm first!

npm i @cfn-modules/s3-bucket

Usage

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules example'
Resources:
  Bucket:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      Parameters:
        KmsKeyModule: !GetAtt 'Key.Outputs.StackName' # optional
        BucketName: '' # optional
        Access: Private # optional
        Cors: Disabled # optional
        Versioning: 'true' # optional
        NoncurrentVersionExpirationInDays: '0' # optional
        ExpirationInDays: '0' # optional
        LambdaEventTargetLambdaModule1: '' # optional
        LambdaEventType1: 's3:ObjectCreated:*' # optional
        LambdaEventTargetLambdaModule2: '' # optional
        LambdaEventType2: 's3:ObjectRemoved:*' # optional
        LambdaEventTargetLambdaModule3: '' # optional
        LambdaEventType3: 's3:ReducedRedundancyLostObject' # optional
      TemplateURL: './node_modules/@cfn-modules/s3-bucket/module.yml'

Examples

Related modules

Parameters

| Name | Description | Default | Required? | Allowed values |
| --- | --- | --- | --- | --- |
| KmsKeyModule | Stack name of kms-key module (only works in combination with Access := [Private, PublicRead]) | | no | |
| BucketName | Name of the bucket | auto generated value | no | |
| Access | Access policy of the bucket | Private | no | [Private, PublicRead, CloudFrontRead, CloudFrontAccessLogWrite, ElbAccessLogWrite, ConfigWrite, CloudTrailWrite, FlowLogWrite, Custom] |
| Cors | CORS policy of the bucket | Disabled | no | [Disabled, AllowAll] |
| Versioning | Enable versioning to keep a backup if objects change | true | no | [true, false, 'false-but-was-true'] |
| NoncurrentVersionExpirationInDays | Remove noncurrent object versions after days (set to 0 to disable) | 0 | no | [0-N] |
| ExpirationInDays | Remove objects after days (set to 0 to disable) | 0 | no | [0-N] |
| LambdaEventTargetLambdaModule1 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | | no | |
| LambdaEventType1 | S3 bucket events you want to receive (cannot be the same as LambdaEventType2 or LambdaEventType3) | s3:ObjectCreated:* | no | Supported event types |
| LambdaEventTargetLambdaModule2 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | | no | |
| LambdaEventType2 | S3 bucket events you want to receive (cannot be the same as LambdaEventType1 or LambdaEventType3) | s3:ObjectRemoved:* | no | Supported event types |
| LambdaEventTargetLambdaModule3 | Stack name of lambda-function module to receive events from this S3 bucket. Also grants the Lambda function access to this bucket and this bucket access to the Lambda function. | | no | |
| LambdaEventType3 | S3 bucket events you want to receive (cannot be the same as LambdaEventType1 or LambdaEventType2) | s3:ReducedRedundancyLostObject | no | Supported event types |

Limitations

  • Secure: Backups are only per object (you cannot easily restore the whole bucket to a specific state).
  • Secure: If you connect a Lambda function without setting the BucketName parameter, the least privilege principle is softened: invocations of the Lambda function are allowed from all S3 buckets inside your AWS account.
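
A pre-deploy check for the constraints in the Parameters and Limitations sections, as an added example that is not part of the cfn-modules project. The function name lintBucketParameters, the finding messages and the sample input are assumptions made for illustration; the input is the Parameters object of the module stack after the template has been parsed.

```javascript
// Added example (not project code): lint the Parameters of an s3-bucket
// module stack. Defaults, allowed values and constraints are copied from
// the Parameters table and the Limitations list of this README.
const DEFAULTS = {
  KmsKeyModule: '', BucketName: '', Access: 'Private', Cors: 'Disabled',
  Versioning: 'true', NoncurrentVersionExpirationInDays: '0', ExpirationInDays: '0',
  LambdaEventType1: 's3:ObjectCreated:*',
  LambdaEventType2: 's3:ObjectRemoved:*',
  LambdaEventType3: 's3:ReducedRedundancyLostObject',
};
const ALLOWED = {
  Access: ['Private', 'PublicRead', 'CloudFrontRead', 'CloudFrontAccessLogWrite',
    'ElbAccessLogWrite', 'ConfigWrite', 'CloudTrailWrite', 'FlowLogWrite', 'Custom'],
  Cors: ['Disabled', 'AllowAll'],
  Versioning: ['true', 'false', 'false-but-was-true'],
};

function lintBucketParameters(params) {
  const p = { ...DEFAULTS, ...params };
  const findings = [];
  // Only literal strings are checked; intrinsic functions (parsed as
  // objects) cannot be evaluated statically and are skipped.
  for (const [name, values] of Object.entries(ALLOWED)) {
    if (typeof p[name] === 'string' && !values.includes(p[name])) {
      findings.push(`${name}: value is not in the allowed list`);
    }
  }
  for (const name of ['NoncurrentVersionExpirationInDays', 'ExpirationInDays']) {
    if (typeof p[name] === 'string' && !/^\d+$/.test(p[name])) {
      findings.push(`${name}: expected a number of days >= 0`);
    }
  }
  if (p.KmsKeyModule && typeof p.Access === 'string'
      && !['Private', 'PublicRead'].includes(p.Access)) {
    findings.push('KmsKeyModule: only works with Access Private or PublicRead');
  }
  const types = [1, 2, 3].map((i) => p[`LambdaEventType${i}`]);
  if (new Set(types).size !== types.length) {
    findings.push('LambdaEventType1-3: event types must differ from each other');
  }
  const lambdaConnected = [1, 2, 3].some((i) => p[`LambdaEventTargetLambdaModule${i}`]);
  if (lambdaConnected && !p.BucketName) {
    findings.push('BucketName: unset with a Lambda target, so all S3 buckets in the account may invoke it');
  }
  return findings;
}

// Constructed sample: one Lambda target connected, BucketName left at its default.
console.log(lintBucketParameters({ LambdaEventTargetLambdaModule1: 'my-function-stack' }));
```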
