
AWS CloudFormation Script for S3 bucket creation in json format

Step 1: Set up the AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/cli-install-macos.html

Read CloudFormation Template Basics

Step 2: Template Creation

Create s3_bucket_creation.json as follows:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Template to create a S3 bucket",
  "Parameters": {
    "S3BucketName": {
      "Description": "S3 BucketName",
      "Type": "String"
    },
    "S3BucketUsers": {
      "Description": "Comma separated names of S3 Bucket Users",
      "Type": "CommaDelimitedList"
    }
  },
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "Private",
        "BucketName": {
          "Ref": "S3BucketName"
        },
        "VersioningConfiguration": {
          "Status" : "Enabled"
        }
      }
    },
    "S3BucketPolicy": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket" : { "Ref": "S3Bucket" },
        "PolicyDocument" : {
          "Version":"2012-10-17",
          "Statement":[
            {
              "Sid":"BucketPolicy",
              "Effect":"Allow",
              "Principal": {
                "AWS" : {"Ref": "S3BucketUsers"}
              },
              "Action":"*",
              "Resource": { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "S3Bucket" } , "/*" ]]}
            }
          ]
        }
      }
    }
  },
  "Outputs": {
    "S3BucketNameUsed":{
      "Description": "S3 bucket name",
      "Value" : { "Ref" : "S3BucketName"}
    },
    "S3BucketArn" :{
      "Description" : "S3 Bucket Arn",
      "Value" : {
        "Fn::GetAtt": [
          "S3Bucket",
          "Arn"
        ]
      }
    }
  }
}

Create s3_bucket_creation_parameters.json file as follows:

[
  {
    "ParameterKey": "S3BucketName",
    "ParameterValue": "s3-my-bucket"
  },
  {
    "ParameterKey": "S3BucketUsers",
    "ParameterValue": "arn:aws:iam::xxxxxxxxxxxx:user/xxx,arn:aws:iam::xxxxxxxxxxxx:user/yyy"
  }
]

Create s3_bucket_creation_tags.json file as follows:

[
  {
    "Key": "owner",
    "Value": "xxxxx"
  },
  {
    "Key": "contact-email",
    "Value": "xxx.yyy@zzz.com"
  }
]

Note: You need to know the AWS account ID and the users in order to restrict access to the S3 bucket.
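The bucket policy in the template above allows "Action": "*" for the listed users, and the bucket sets no PublicAccessBlockConfiguration. The following Python check is an added example, not part of the original post, that flags both in a template of this shape; the function names audit and as_list and the finding strings are assumptions, and the embedded template is a trimmed copy constructed for the example.

```python
import json

# Constructed sample: the two resources from the template above, trimmed to
# the fields this check reads.
TEMPLATE = json.loads("""
{"Resources": {
  "S3Bucket": {"Type": "AWS::S3::Bucket",
               "Properties": {"AccessControl": "Private"}},
  "S3BucketPolicy": {"Type": "AWS::S3::BucketPolicy",
    "Properties": {"PolicyDocument": {"Statement": [{
      "Sid": "BucketPolicy", "Effect": "Allow",
      "Principal": {"AWS": {"Ref": "S3BucketUsers"}},
      "Action": "*"}]}}}
}}
""")


def as_list(value):
    """Policy fields may hold one item or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit(template):
    """Return sorted (resource, finding) pairs for over-broad S3 settings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::Bucket":
            if "PublicAccessBlockConfiguration" not in props:
                findings.append((name, "no PublicAccessBlockConfiguration"))
        if res.get("Type") != "AWS::S3::BucketPolicy":
            continue
        statements = props.get("PolicyDocument", {}).get("Statement", [])
        for stmt in as_list(statements):
            if stmt.get("Effect") != "Allow":
                continue
            sid = stmt.get("Sid", "<no Sid>")
            for action in as_list(stmt.get("Action", [])):
                # "*" and "s3:*" allow every operation the Resource matches
                if action in ("*", "s3:*"):
                    findings.append((name, f"{sid}: wildcard action {action}"))
            principal = stmt.get("Principal")
            aws = principal.get("AWS") if isinstance(principal, dict) else principal
            if "*" in as_list(aws):
                findings.append((name, f"{sid}: principal is everyone"))
    return sorted(findings)


print("\n".join(f"{r}: {f}" for r, f in audit(TEMPLATE)))
```

Listing only the actions the users need (for example s3:GetObject and s3:PutObject) in place of "*" clears the policy finding, and adding a PublicAccessBlockConfiguration property to the bucket clears the other.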

Step 3: Run the CloudFormation template from the AWS CLI

aws cloudformation create-stack --stack-name s3-bucket-creation --template-body file://s3_bucket_creation.json --parameters file://s3_bucket_creation_parameters.json --tags file://s3_bucket_creation_tags.json --capabilities CAPABILITY_IAM

Step 4: Log in to the AWS Console. On the CloudFormation screen, you can see the status of the template.


Step 5: If the template creation is successful, the S3 bucket can be seen in the AWS S3 console.
