s3-iam-read-only-user.yaml
---

S3 Read Only User CloudFormation Deployment

This CloudFormation template deploys an IAM user with read-only access to the specified S3 bucket, or to a sub-folder path within it. No access key is created by the template; credentials for the user must be issued separately.

AWSTemplateFormatVersion: '2010-09-09'

Parameters

These are the input parameters for this template. Every parameter must be supplied for the stack to deploy.

Parameters:

BucketNamePath is the bucket name, optionally followed by a sub-folder prefix (for example ua-uits-ecs/distribution, or just ua-uits-ecs). The value is substituted into the object ARN of the policy attached to the user.

  BucketNamePath:
    Type: String
    Description: ie ua-uits-ecs/distribution or just ua-uits-ecs

Metadata

The Metadata section only groups and labels the parameters for the CloudFormation console in the AWS web UI; it has no effect on the deployed resources.

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: IAM User Configuration
        Parameters:
          - BucketNamePath
    ParameterLabels:
      BucketNamePath:
        default: 'Bucket Name with optional sub-folder:'

Resources

These are all of the resources deployed by this template.

Resources:

S3 Bucket User

This creates the IAM user with one inline policy attached. The first statement allows every s3:List* action on Resource "*": s3:ListBucket is authorised against the bucket ARN rather than the object ARN, which is why the object-path ARN alone would not permit listing, but the wildcard resource also lets the user enumerate every bucket in the account. The second statement restricts s3:Get* to objects under the supplied bucket path. No write or delete actions are granted, despite the policy's name.

  S3BucketUser:
    Type: AWS::IAM::User
    Properties:
      Path: "/"
      Policies:
        # Name predates the read-only scope: the statements below grant no write actions.
        - PolicyName: read-write-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Resource "*" permits listing any bucket in the account, not only the target bucket.
              - Effect: Allow
                Action:
                  - s3:List*
                Resource:
                  - "*"
              # Object reads are confined to the bucket path supplied as BucketNamePath.
              - Effect: Allow
                Action:
                  - "s3:Get*"
                  - "s3:List*"
                Resource: !Sub "arn:aws:s3:::${BucketNamePath}/*"
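As an added example, not part of this template or its repository, the following Python script renders the inline policy for a sample BucketNamePath value and runs a simplified IAM evaluation over constructed sample requests, so the effective permissions can be checked offline before the stack is deployed. It also renders a hypothetical tighter variant (render_scoped_policy, my own suggestion rather than anything in the template) that confines s3:ListBucket to the target bucket. The evaluator, the sample bucket names and the request list are assumptions for illustration; IAM condition keys are not modelled.

```python
"""Offline check of what the template's inline policy permits for a given BucketNamePath."""
import fnmatch
import json

# Constructed sample value, taken from the parameter's own Description text.
BUCKET_NAME_PATH = "ua-uits-ecs/distribution"


def split_bucket_path(bucket_name_path):
    """Split 'bucket/optional/prefix' into (bucket, prefix); prefix is '' when absent."""
    bucket, _, prefix = bucket_name_path.partition("/")
    return bucket, prefix


def render_template_policy(bucket_name_path):
    """The PolicyDocument from the template after !Sub has substituted BucketNamePath."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:List*"], "Resource": ["*"]},
            {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
             "Resource": f"arn:aws:s3:::{bucket_name_path}/*"},
        ],
    }


def render_scoped_policy(bucket_name_path):
    """Hypothetical tighter variant (assumption, not from the template): list only the target bucket."""
    bucket, _ = split_bucket_path(bucket_name_path)
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Enumerating one's own buckets needs ListAllMyBuckets, which only accepts "*".
            {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": ["*"]},
            # ListBucket is authorised against the bucket ARN (no trailing /*).
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": [f"arn:aws:s3:::{bucket_name_path}/*"]},
        ],
    }


def _as_list(value):
    # Action and Resource may be a single string or a list in a policy document.
    return value if isinstance(value, list) else [value]


def _wild(pattern, value):
    # IAM wildcards: '*' matches any run of characters (including '/'), '?' one character.
    return fnmatch.fnmatchcase(value, pattern)


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: explicit Deny wins, any matching Allow grants, default deny."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_wild(a.lower(), action.lower()) for a in _as_list(stmt["Action"]))
        resource_hit = any(_wild(r, resource) for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


# Constructed sample requests a reviewer would want answered before issuing credentials.
SAMPLE_REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::ua-uits-ecs/distribution/report.pdf"),
    ("s3:GetObject", "arn:aws:s3:::ua-uits-ecs/private/secret.txt"),
    ("s3:PutObject", "arn:aws:s3:::ua-uits-ecs/distribution/upload.bin"),
    ("s3:DeleteObject", "arn:aws:s3:::ua-uits-ecs/distribution/report.pdf"),
    ("s3:ListBucket", "arn:aws:s3:::ua-uits-ecs"),
    ("s3:ListBucket", "arn:aws:s3:::some-other-bucket"),
    ("s3:ListAllMyBuckets", "*"),
]


def audit(policy):
    """Map each sample request to whether the policy allows it."""
    return {f"{action} {resource}": is_allowed(policy, action, resource)
            for action, resource in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for name, policy in (("template", render_template_policy(BUCKET_NAME_PATH)),
                         ("scoped", render_scoped_policy(BUCKET_NAME_PATH))):
        print(name)
        print(json.dumps(audit(policy), indent=2))
```

Running the script shows the two policies agree on every object-level request (reads inside the path allowed, reads outside it and all writes denied) and differ only on listing buckets other than the target one, which the template's wildcard statement permits. An s3:prefix condition on the ListBucket statement would further limit listing to the sub-folder; this evaluator does not model condition keys, so that refinement is left to the real policy simulator.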