Permalink
Fetching contributors…
Cannot retrieve contributors at this time
262 lines (261 sloc) 8.87 KB
{
"Mappings": {
"WebsiteEndpoints": {
"ap-northeast-1": {
"endpoint": "s3-website-ap-northeast-1.amazonaws.com"
},
"ap-northeast-2": {
"endpoint": "s3-website.ap-northeast-2.amazonaws.com"
},
"ap-south-1": {
"endpoint": "s3-website.ap-south-1.amazonaws.com"
},
"ap-southeast-1": {
"endpoint": "s3-website-ap-southeast-1.amazonaws.com"
},
"ap-southeast-2": {
"endpoint": "s3-website-ap-southeast-2.amazonaws.com"
},
"ca-central-1": {
"endpoint": "s3-website.ca-central-1.amazonaws.com"
},
"eu-central-1": {
"endpoint": "s3-website.eu-central-1.amazonaws.com"
},
"eu-west-1": {
"endpoint": "s3-website-eu-west-1.amazonaws.com"
},
"eu-west-2": {
"endpoint": "s3-website.eu-west-2.amazonaws.com"
},
"eu-west-3": {
"endpoint": "s3-website.eu-west-3.amazonaws.com"
},
"sa-east-1": {
"endpoint": "s3-website-sa-east-1.amazonaws.com"
},
"us-east-1": {
"endpoint": "s3-website-us-east-1.amazonaws.com"
},
"us-east-2": {
"endpoint": "s3-website.us-east-2.amazonaws.com"
},
"us-west-1": {
"endpoint": "s3-website-us-west-1.amazonaws.com"
},
"us-west-2": {
"endpoint": "s3-website-us-west-2.amazonaws.com"
}
}
},
"Outputs": {
"BlogBucketArn": {
"Value": {
"Fn::Sub": [
"arn:aws:s3:::${Bucket}",
{
"Bucket": {
"Ref": "Blog"
}
}
]
}
},
"BlogBucketDomainName": {
"Value": {
"Fn::GetAtt": [
"Blog",
"DomainName"
]
}
},
"BlogBucketId": {
"Value": {
"Ref": "Blog"
}
},
"BlogWebsiteEndpoint": {
"Value": {
"Fn::FindInMap": [
"WebsiteEndpoints",
{
"Ref": "AWS::Region"
},
"endpoint"
]
}
},
"BlogWebsiteUrl": {
"Value": {
"Fn::GetAtt": [
"Blog",
"WebsiteURL"
]
}
}
},
"Resources": {
"Blog": {
"Properties": {
"AccessControl": "PublicRead",
"WebsiteConfiguration": {
"IndexDocument": "index.html"
}
},
"Type": "AWS::S3::Bucket"
},
"BlogBucketPolicy": {
"Properties": {
"Bucket": {
"Ref": "Blog"
},
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Principal": "*",
"Resource": [
{
"Fn::Sub": [
"arn:aws:s3:::${Bucket}/*",
{
"Bucket": {
"Ref": "Blog"
}
}
]
}
]
}
]
}
},
"Type": "AWS::S3::BucketPolicy"
},
"ReadPolicy": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Sub": [
"arn:aws:s3:::${Bucket}",
{
"Bucket": {
"Ref": "Blog"
}
}
]
},
{
"Fn::Sub": [
"arn:aws:s3:::${Bucket}/*",
{
"Bucket": {
"Ref": "Blog"
}
}
]
}
]
}
]
},
"PolicyName": {
"Fn::Sub": "${AWS::StackName}ReadPolicy"
},
"Roles": [
"Role1",
"Role2"
]
},
"Type": "AWS::IAM::Policy"
},
"ReadWritePolicy": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Action": [
"s3:ListBucket",
"s3:GetBucketVersioning"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Sub": [
"arn:aws:s3:::${Bucket}",
{
"Bucket": {
"Ref": "Blog"
}
}
]
}
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Sub": [
"arn:aws:s3:::${Bucket}/*",
{
"Bucket": {
"Ref": "Blog"
}
}
]
}
]
}
]
},
"PolicyName": {
"Fn::Sub": "${AWS::StackName}ReadWritePolicy"
},
"Roles": [
"Role3",
"Role4"
]
},
"Type": "AWS::IAM::Policy"
}
}
}