s3-bucket.yaml
---

S3 Bucket CloudFormation Deployment

This CloudFormation template will deploy an S3 bucket with its own IAM user.

AWSTemplateFormatVersion: '2010-09-09'

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

Parameters:

The name of the bucket.

  BucketName:
    Type: String
    Description: The name of the S3 Bucket.

Tags

The following tags are applied to all resources created by this template.

  OwnerTag:
    Type: String
    Description: The owner or sponsor of this bucket. All resources will be tagged with this as the owner tag.
  OwnerNetidTag:
    Type: String
    Description: The name of the owner or sponsor for this website. All resources will be tagged with this as the netid tag.
  ProjectNameTag:
    Type: String
    Description: The project name of the owner or sponsor for this website. All resources will be tagged with this as the projectname tag.

Metadata

Metadata is mostly for organizing and presenting Parameters in a better way when using CloudFormation in the AWS Web UI.

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: S3 Bucket Configuration
        Parameters:
          - BucketName
      - Label:
          default: Tagging and Cost Management
        Parameters:
          - OwnerTag
          - OwnerNetidTag
          - ProjectNameTag
    ParameterLabels:
      BucketName:
        default: 'Bucket Name:'
      # No parameter of this name is declared in the Parameters section above.
      IAMUserName:
        default: 'IAM User Name:'
      OwnerTag:
        default: 'Owner''s Name:'
      OwnerNetidTag:
        default: 'NetID:'
      ProjectNameTag:
        default: 'Project Name:'

Resources

These are all of the resources deployed by this template.

Resources:

S3 Bucket

This deploys the S3 bucket with some tags.

  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref "BucketName"
      AccessControl: Private
      Tags:
        - Key: projectname
          Value: !Ref "ProjectNameTag"
        - Key: owner
          Value: !Ref "OwnerTag"
        - Key: netid
          Value: !Ref "OwnerNetidTag"
        - Key: blueprint
          Value: s3bucket

S3 Bucket User

Creates an IAM user that is meant to work only with the S3 bucket specified. Note that the first policy statement grants s3:List* on every resource ("*"), so the user can list all buckets in the account and their keys; the second statement grants all S3 actions, but only on objects in this bucket (the bucket ARN itself is not covered, so bucket-level operations such as changing the bucket policy are not allowed).

  S3BucketUser:
    Type: AWS::IAM::User
    Properties:
      Path: "/"
      Policies:
        - PolicyName: giveaccesstoqueueonly
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Listing is allowed account-wide, not just for this bucket.
              - Effect: Allow
                Action:
                  - s3:List*
                Resource:
                  - "*"
              # Object-level access is limited to keys in this bucket.
              - Effect: Allow
                Action:
                  - s3:*
                Resource: !Sub "arn:aws:s3:::${S3Bucket}/*"
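To make the scope of the inline policy above concrete, the following is an added example (not part of the template) that evaluates sample S3 calls against it using a simplified IAM decision model (Deny wins, then any matching Allow, otherwise implicit deny). The bucket name my-bucket and the tighter alternative policy are assumptions for illustration.

```python
"""Evaluate which S3 calls the template's inline IAM policy actually allows."""
from fnmatch import fnmatchcase

# The two statements from the giveaccesstoqueueonly policy, with
# ${S3Bucket} resolved to a constructed bucket name.
TEMPLATE_POLICY = [
    {"Effect": "Allow", "Action": ["s3:List*"], "Resource": ["*"]},
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::my-bucket/*"]},
]

# Assumed tighter alternative: listing only this bucket, object actions only on its keys.
TIGHT_POLICY = [
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::my-bucket"]},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::my-bucket/*"]},
]

# Constructed sample calls (action, resource) to probe both policies with.
PROBES = [
    ("s3:ListAllMyBuckets", "*"),
    ("s3:ListBucket", "arn:aws:s3:::other-bucket"),
    ("s3:GetObject", "arn:aws:s3:::other-bucket/secret.txt"),
    ("s3:GetObject", "arn:aws:s3:::my-bucket/report.csv"),
    ("s3:DeleteBucket", "arn:aws:s3:::my-bucket"),
]


def _matches(patterns, value, case_insensitive=False):
    """IAM-style wildcard match; action names are case-insensitive, ARNs are not."""
    if case_insensitive:
        return any(fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation over a list of statements."""
    allowed = False
    for stmt in policy:
        if _matches(stmt["Action"], action, True) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def allowed_calls(policy, probes=PROBES):
    """Return the set of probe calls the policy permits."""
    return {(a, r) for a, r in probes if is_allowed(policy, a, r)}


if __name__ == "__main__":
    # Calls the template's policy permits that the tighter one does not.
    print(sorted(allowed_calls(TEMPLATE_POLICY) - allowed_calls(TIGHT_POLICY)))
```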

S3 Bucket User Access Key

The set of access keys given to the IAM user from above.

  S3BucketUserAccessKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref "S3BucketUser"

Outputs

Output values that can be viewed from the AWS CloudFormation console. Note that SecretKeyForUser places the user's secret access key in the stack outputs, where anyone who can describe the stack (for example via cloudformation:DescribeStacks) can read it.

Outputs:
  BucketName:
    Value: !Ref S3Bucket
  AccessKeyForUser:
    Value: !Ref S3BucketUserAccessKey
  SecretKeyForUser:
    Value: !GetAtt S3BucketUserAccessKey.SecretAccessKey