Commit 4212c6b

committed
Set UserName with prefix convox
1 parent 96ffa7f commit 4212c6b

1 file changed

+115
-116
lines changed
  • provider/aws/templates/resource

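--- a/provider/aws/templates/resource
+++ b/provider/aws/templates/resource
@@ -1,136 +1,135 @@
 {{ define "resource" }}
-{
-"AWSTemplateFormatVersion" : "2010-09-09",
-"Conditions": {
-"Topic": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "Topic" }, "" ] } ] },
-"Versioning": { "Fn::Equals": [ { "Ref": "Versioning" }, "true" ] }
+{
+"AWSTemplateFormatVersion": "2010-09-09",
+"Conditions": {
+"Topic": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "Topic" }, "" ] } ] },
+"Versioning":{ "Fn::Equals": [ { "Ref": "Versioning" }, "true" ] }
+},
+
+"Parameters": {
+"Topic": {
+"Type": "String",
+"Default": "",
+"Description": "SNS resource name for change notifications"
 },
-"Parameters": {
-"Topic": {
-"Type" : "String",
-"Default": "",
-"Description" : "SNS resource name for change notifications"
-},
-"Versioning": {
-"Type" : "String",
-"Default": "false",
-"Description" : "Enable versioning"
-}
-},
-"Resources": {
-"Bucket": {
-"Type": "AWS::S3::Bucket",
-"Properties": {
-"AccessControl": "Private",
-"OwnershipControls": {
-"Rules": [
-{
-"ObjectOwnership": "BucketOwnerPreferred"
-}
-]
-},
-"BucketEncryption": {
-"ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "aws:kms" } } ]
-},
-"BucketName": { "Ref": "AWS::StackName" },
-"NotificationConfiguration": {
-"Fn::If": [ "Topic",
-{
-"TopicConfigurations": [
-{
-"Event": "s3:ObjectCreated:*",
-"Topic": { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" }
-},
-{
-"Event": "s3:ObjectRemoved:*",
-"Topic": { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" }
-}
-]
-},
-{ "Ref" : "AWS::NoValue" }
-]
-},
-"VersioningConfiguration": { "Fn::If": [ "Versioning",
-{ "Status": "Enabled" },
-{ "Ref": "AWS::NoValue" }
-] },
-"Tags": [
+"Versioning": {
+"Type": "String",
+"Default": "false",
+"Description": "Enable versioning"
+}
+},
+"Resources": {
+"Bucket": {
+"Type": "AWS::S3::Bucket",
+"Properties": {
+"AccessControl": "Private",
+"OwnershipControls": { "Rules": [ { "ObjectOwnership": "BucketOwnerPreferred" } ] },
+"BucketEncryption": {
+"ServerSideEncryptionConfiguration": [
+{ "ServerSideEncryptionByDefault": { "SSEAlgorithm": "aws:kms" } }
+]
+},
+"BucketName": { "Ref": "AWS::StackName" },
+"NotificationConfiguration": {
+"Fn::If": [ "Topic",
+{
+"TopicConfigurations": [
+{
+"Event": "s3:ObjectCreated:*",
+"Topic": { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" }
+},
+{
+"Event": "s3:ObjectRemoved:*",
+"Topic": { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" }
+}
+]
+},
+{ "Ref" : "AWS::NoValue" }
+]
+},
+"VersioningConfiguration": { "Fn::If": [ "Versioning",
+{ "Status": "Enabled" },
+{ "Ref": "AWS::NoValue" }
+] },
+"Tags": [
 {{/*
 HACK: Referencing TopicPolicy for a tag implicitly creates the TopicPolicy before the Bucket.
 This fixes a Bucket provisioning error when it can't validate permissions on the topic.
 This is a workaround since DependsOn must be static and will error on conditional Resources that don't exist.
 */}}
-{ "Fn::If": ["Topic",
-{ "Key": "TopicPolicy", "Value": { "Ref": "TopicPolicy" } },
-{ "Ref": "AWS::NoValue" }
-]}
-]
-}
-},
-"TopicPolicy": {
-"Condition": "Topic",
-"Type": "AWS::SNS::TopicPolicy",
-"Properties" : {
-"PolicyDocument" : {
-"Version": "2008-10-17",
-"Id": "SNSTopicPolicy",
-"Statement": [{
-"Sid": "1",
-"Effect": "Allow",
-"Principal": {
-"AWS": "*"
-},
-"Action": [
-"SNS:Publish"
-],
-"Resource": { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" },
-"Condition": {
-"ArnLike": {
-"aws:SourceArn": { "Fn::Sub": "arn:${AWS::Partition}:s3:*:*:${AWS::StackName}" }
-}
+{ "Fn::If": [ "Topic",
+{ "Key": "TopicPolicy", "Value": { "Ref": "TopicPolicy" } },
+{ "Ref": "AWS::NoValue" }
+]}
+]
+}
+},
+"TopicPolicy": {
+"Condition": "Topic",
+"Type": "AWS::SNS::TopicPolicy",
+"Properties": {
+"PolicyDocument": {
+"Version": "2008-10-17",
+"Id": "SNSTopicPolicy",
+"Statement": [{
+"Sid": "AllowBucketPublish",
+"Effect": "Allow",
+"Principal": { "AWS": "*" },
+"Action": "SNS:Publish",
+"Resource": { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" },
+"Condition": {
+"ArnLike": {
+"aws:SourceArn": { "Fn::Sub": "arn:${AWS::Partition}:s3:*:*:${AWS::StackName}" }
 }
-}]
-},
-"Topics": [ { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" } ]
-}
-},
-"User": {
-"Type": "AWS::IAM::User",
-"Properties": {
-"Path": "/convox/",
-"Policies": [{
-"PolicyName" : "S3Access",
-"PolicyDocument" : {
-"Statement": [{
+}
+}]
+},
+"Topics": [ { "Fn::Sub": "arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:${Topic}" } ]
+}
+},
+"User": {
+"Type": "AWS::IAM::User",
+"Properties": {
+"Path": "/convox/",
+"UserName": {
+"Fn::Sub": "convox-${AWS::Region}-${AWS::StackName}"
+},
+"Policies": [{
+"PolicyName": "S3Access",
+"PolicyDocument": {
+"Statement": [
+{
 "Effect": "Allow",
 "Action": "s3:ListBucket",
 "Resource": { "Fn::Sub": "arn:${AWS::Partition}:s3:::${AWS::StackName}" }
-},{
+},
+{
 "Effect": "Allow",
 "Action": "s3:*",
 "Resource": { "Fn::Sub": "arn:${AWS::Partition}:s3:::${AWS::StackName}/*" }
-}]
-}
-}]
-}
-},
-"AccessKey": {
-"Type": "AWS::IAM::AccessKey",
-"Properties": {
-"UserName": { "Ref": "User" }
-}
+}
+]
+}
+}]
 }
 },
-"Outputs": {
-"Bucket": {
-"Value": { "Ref": "Bucket" }
-},
-"AccessKey": {
-"Value": { "Ref": "AccessKey" }
-},
-"SecretAccessKey": {
-"Value": { "Fn::GetAtt": ["AccessKey", "SecretAccessKey"] }
+"AccessKey": {
+"Type": "AWS::IAM::AccessKey",
+"Properties": {
+"UserName": { "Ref": "User" }
 }
 }
+},
+"Outputs": {
+"Bucket": {
+"Value": { "Ref": "Bucket" }
+},
+"AccessKey": {
+"Value": { "Ref": "AccessKey" }
+},
+"SecretAccessKey": {
+"Value": { "Fn::GetAtt": [ "AccessKey", "SecretAccessKey" ] }
+}
 }
+}
 {{ end }}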
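Review bot: The new `UserName` on `User` (`convox-${AWS::Region}-${AWS::StackName}`) is not bounded, yet IAM limits user names to 64 characters while a stack name on its own can be longer, so a long stack name would make the stack fail at creation. An explicitly named IAM resource also means the stack has to be deployed with `CAPABILITY_NAMED_IAM`; whether the deploy path passes it is not visible here. On stacks that already exist, CloudFormation handles a `UserName` change by replacing the user, which presumably replaces `AccessKey` too (it references `User`) and changes the `AccessKey` and `SecretAccessKey` outputs, so anything still holding the old key pair loses access to the bucket. I would record this next to the property in the template's existing comment style, e.g. `{{/* UserName: IAM caps this at 64 chars; changing it replaces User and AccessKey, so credentials rotate */}}`, and call out the credential rotation in the release notes.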
