Initial Common S3 Templates. Derived originally from dxc-prototype.
michael-crawford committed Mar 27, 2019
1 parent 43f77e5 commit ae71e5e
Showing 6 changed files with 938 additions and 0 deletions.
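--- a/Common-Buckets-StackPolicy.json
+++ b/Common-Buckets-StackPolicy.json
@@ -0,0 +1,16 @@
+{
+"Statement" : [
+{
+"Effect" : "Allow",
+"Action" : "Update:Modify",
+"Principal" : "*",
+"Resource" : "*"
+},
+{
+"Effect" : "Deny",
+"Action" : [ "Update:Replace", "Update:Delete" ],
+"Principal" : "*",
+"Resource" : "*"
+}
+]
+}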
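--- a/Common-Buckets.yaml
+++ b/Common-Buckets.yaml
@@ -0,0 +1,265 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Common-Buckets Template.
+This creates S3 Buckets which should exist in every Region. These buckets hold artifacts needed to build Stacks, which are not created as part of a Build Process.
+Metadata:
+AWS::CloudFormation::Interface:
+ParameterGroups:
+- Label:
+default: Bucket Configuration
+Parameters:
+- Name
+- AccountAlias
+- UseGlacier
+ParameterLabels:
+Name:
+default: Name
+AccountAlias:
+default: Account Alias
+UseGlacier:
+default: Use Glacier
+Parameters:
+Name:
+Description: Name of the Environment associated with the Stack
+Type: String
+Default: Production
+AllowedValues:
+- Production
+- Staging
+- UAT
+- QA
+- Testing
+- Development
+- Build
+- Core
+- Recovery
+- Log
+- Identity
+- Management
+- Organization
+ConstraintDescription: must be Production, Staging, UAT, QA, Testing, Development, Build, Core, Recovery, Log, Identity, Management or Organization.
+AccountAlias:
+Description: Unique Alias of the Account (if defined). If specified, the Alias instead of the AccountID is appended to bucket names to insure uniqueness.
+Type: String
+MaxLength: 32
+Default: ''
+AllowedPattern: (^$|^[a-z][-a-z0-9]*$)
+ConstraintDescription: must begin with a lower case letter and contain lower case letters, numbers and dashes.
+UseGlacier:
+Description: Use Glacier for Archived Logs
+Type: String
+Default: true
+AllowedValues:
+- true
+- false
+ConstraintDescription: must be either true or false.
+Conditions:
+AppendAccountId: !Equals [ !Ref AccountAlias, '' ]
+ConfigureGlacier: !Equals [ !Ref UseGlacier, true ]
+Resources:
+TemplatesBucket:
+Type: AWS::S3::Bucket
+Properties:
+BucketName: !Sub
+- templates-${Account}-${AWS::Region}
+- Account: !If [ AppendAccountId, !Ref 'AWS::AccountId', !Ref AccountAlias ]
+AccessControl: Private
+VersioningConfiguration:
+Status: Enabled
+LifecycleConfiguration:
+Rules:
+- Id: ReduceStorageCostsThenDeletePriorVersions
+Status: Enabled
+Prefix: ''
+Transitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+ExpirationInDays: 425
+NoncurrentVersionTransitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+NoncurrentVersionExpirationInDays: 395
+Tags:
+- Key: Name
+Value: !Sub ${Name}-TemplatesBucket
+DeletionPolicy: Retain
+TemplatesBucketPolicy:
+Type: AWS::S3::BucketPolicy
+Properties:
+Bucket: !Ref TemplatesBucket
+PolicyDocument:
+Version: 2012-10-17
+Statement:
+- Sid: AllowCloudFormationACLCheck
+Effect: Allow
+Principal:
+Service: cloudformation.amazonaws.com
+Action: s3:GetBucketAcl
+Resource: !Sub arn:aws:s3:::${TemplatesBucket}
+- Sid: AllowCloudFormationRead
+Effect: Allow
+Principal:
+Service: cloudformation.amazonaws.com
+Action: s3:GetObject
+Resource: !Sub arn:aws:s3:::${TemplatesBucket}/*
+DependsOn: TemplatesBucket
+FunctionsBucket:
+Type: AWS::S3::Bucket
+Properties:
+BucketName: !Sub
+- functions-${Account}-${AWS::Region}
+- Account: !If [ AppendAccountId, !Ref 'AWS::AccountId', !Ref AccountAlias ]
+AccessControl: Private
+VersioningConfiguration:
+Status: Enabled
+LifecycleConfiguration:
+Rules:
+- Id: ReduceStorageCostsThenDeletePriorVersions
+Status: Enabled
+Prefix: ''
+Transitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+ExpirationInDays: 425
+NoncurrentVersionTransitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+NoncurrentVersionExpirationInDays: 395
+Tags:
+- Key: Name
+Value: !Sub ${Name}-FunctionsBucket
+DeletionPolicy: Retain
+ScriptsBucket:
+Type: AWS::S3::Bucket
+Properties:
+BucketName: !Sub
+- scripts-${Account}-${AWS::Region}
+- Account: !If [ AppendAccountId, !Ref 'AWS::AccountId', !Ref AccountAlias ]
+AccessControl: Private
+VersioningConfiguration:
+Status: Enabled
+LifecycleConfiguration:
+Rules:
+- Id: ReduceStorageCostsThenDeletePriorVersions
+Status: Enabled
+Prefix: ''
+Transitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+ExpirationInDays: 425
+NoncurrentVersionTransitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+NoncurrentVersionExpirationInDays: 395
+Tags:
+- Key: Name
+Value: !Sub ${Name}-ScriptsBucket
+DeletionPolicy: Retain
+ConfigurationsBucket:
+Type: AWS::S3::Bucket
+Properties:
+BucketName: !Sub
+- configurations-${Account}-${AWS::Region}
+- Account: !If [ AppendAccountId, !Ref 'AWS::AccountId', !Ref AccountAlias ]
+AccessControl: Private
+VersioningConfiguration:
+Status: Enabled
+LifecycleConfiguration:
+Rules:
+- Id: ReduceStorageCostsThenDeletePriorVersions
+Status: Enabled
+Prefix: ''
+Transitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+ExpirationInDays: 425
+NoncurrentVersionTransitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+NoncurrentVersionExpirationInDays: 395
+Tags:
+- Key: Name
+Value: !Sub ${Name}-ConfigurationsBucket
+DeletionPolicy: Retain
+ProductsBucket:
+Type: AWS::S3::Bucket
+Properties:
+BucketName: !Sub
+- products-${Account}-${AWS::Region}
+- Account: !If [ AppendAccountId, !Ref 'AWS::AccountId', !Ref AccountAlias ]
+AccessControl: Private
+VersioningConfiguration:
+Status: Enabled
+LifecycleConfiguration:
+Rules:
+- Id: ReduceStorageCostsThenDeletePriorVersions
+Status: Enabled
+Prefix: ''
+Transitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+ExpirationInDays: 425
+NoncurrentVersionTransitions:
+- StorageClass: STANDARD_IA
+TransitionInDays: 30
+NoncurrentVersionExpirationInDays: 395
+Tags:
+- Key: Name
+Value: !Sub ${Name}-ProductsBucket
+DeletionPolicy: Retain
+BackupsBucket:
+Type: AWS::S3::Bucket
+Properties:
+BucketName: !Sub
+- backups-${Account}-${AWS::Region}
+- Account: !If [ AppendAccountId, !Ref 'AWS::AccountId', !Ref AccountAlias ]
+AccessControl: Private
+VersioningConfiguration:
+Status: Enabled
+LifecycleConfiguration:
+Rules:
+- Id: ReduceStorageCostsThenDeletePriorVersions
+Status: Enabled
+Prefix: ''
+Transitions:
+- StorageClass: !If [ ConfigureGlacier, GLACIER, STANDARD_IA ]
+TransitionInDays: 90
+ExpirationInDays: 365
+NoncurrentVersionTransitions:
+- StorageClass: !If [ ConfigureGlacier, GLACIER, STANDARD_IA ]
+TransitionInDays: 30
+NoncurrentVersionExpirationInDays: 180
+Tags:
+- Key: Name
+Value: !Sub ${Name}-BackupsBucket
+DeletionPolicy: Retain
+Outputs:
+TemplatesBucket:
+Description: The Templates Bucket Name
+Value: !Ref TemplatesBucket
+Export:
+Name: !Sub ${AWS::StackName}-TemplatesBucket
+FunctionsBucket:
+Description: The Functions Bucket Name
+Value: !Ref FunctionsBucket
+Export:
+Name: !Sub ${AWS::StackName}-FunctionsBucket
+ScriptsBucket:
+Description: The Scripts Bucket Name
+Value: !Ref ScriptsBucket
+Export:
+Name: !Sub ${AWS::StackName}-ScriptsBucket
+ConfigurationsBucket:
+Description: The Configurations Bucket Name
+Value: !Ref ConfigurationsBucket
+Export:
+Name: !Sub ${AWS::StackName}-ConfigurationsBucket
+ProductsBucket:
+Description: The Products Bucket Name
+Value: !Ref ProductsBucket
+Export:
+Name: !Sub ${AWS::StackName}-ProductsBucket
+BackupsBucket:
+Description: The Backups Bucket Name
+Value: !Ref BackupsBucket
+Export:
+Name: !Sub ${AWS::StackName}-BackupsBucket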
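Review bot: None of the six buckets sets `PublicAccessBlockConfiguration` or `BucketEncryption`; `AccessControl: Private` only applies the canned ACL and does not stop a later ACL or bucket-policy change from exposing objects, which matters most for `BackupsBucket`. Adding both properties under `Properties` of every bucket (shown below for `TemplatesBucket`) would make the private, encrypted-at-rest intent explicit in the template. Separately, `TemplatesBucketPolicy` grants `s3:GetObject` to the `cloudformation.amazonaws.com` service principal with no `Condition`; if that grant is needed at all, scoping it (for example with `aws:SourceAccount`, assuming the service supplies that key) would keep it to this account. The rule Id `ReduceStorageCostsThenDeletePriorVersions` also understates what the rule does, since `ExpirationInDays: 425` expires current objects as well, so templates and scripts that are not re-uploaded will eventually sit behind a delete marker; either drop that line or document it.

```yaml
      # … unchanged: TemplatesBucket Type, BucketName …
      AccessControl: Private
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # … unchanged: VersioningConfiguration, LifecycleConfiguration, Tags …
```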
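--- a/Common-BuildBuckets-StackPolicy.json
+++ b/Common-BuildBuckets-StackPolicy.json
@@ -0,0 +1,16 @@
+{
+"Statement" : [
+{
+"Effect" : "Allow",
+"Action" : "Update:Modify",
+"Principal" : "*",
+"Resource" : "*"
+},
+{
+"Effect" : "Deny",
+"Action" : [ "Update:Replace", "Update:Delete" ],
+"Principal" : "*",
+"Resource" : "*"
+}
+]
+}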

0 comments on commit ae71e5e
