|
|
AWSTemplateFormatVersion: '2010-09-09' |
|
|
Description: 'S3 Bucket for FRED ML Reports and Visualizations' |
|
|
|
|
|
Parameters: |
|
|
BucketName: |
|
|
Type: String |
|
|
Default: fredmlv1 |
|
|
Description: Name of the S3 bucket for storing reports |
|
|
|
|
|
Resources: |
|
|
|
|
|
FredMLBucket: |
|
|
Type: AWS::S3::Bucket |
|
|
Properties: |
|
|
BucketName: !Ref BucketName |
|
|
VersioningConfiguration: |
|
|
Status: Enabled |
|
|
PublicAccessBlockConfiguration: |
|
|
BlockPublicAcls: true |
|
|
BlockPublicPolicy: true |
|
|
IgnorePublicAcls: true |
|
|
RestrictPublicBuckets: true |
|
|
LifecycleConfiguration: |
|
|
Rules: |
|
|
- Id: DeleteOldReports |
|
|
Status: Enabled |
|
|
ExpirationInDays: 1095 |
|
|
NoncurrentVersionExpirationInDays: 30 |
|
|
AbortIncompleteMultipartUpload: |
|
|
DaysAfterInitiation: 7 |
|
|
CorsConfiguration: |
|
|
CorsRules: |
|
|
- AllowedHeaders: ['*'] |
|
|
AllowedMethods: [GET, PUT, POST, DELETE] |
|
|
AllowedOrigins: ['*'] |
|
|
MaxAge: 3000 |
|
|
|
|
|
|
|
|
BucketPolicy: |
|
|
Type: AWS::S3::BucketPolicy |
|
|
Properties: |
|
|
Bucket: !Ref FredMLBucket |
|
|
PolicyDocument: |
|
|
Version: '2012-10-17' |
|
|
Statement: |
|
|
- Sid: DenyUnencryptedObjectUploads |
|
|
Effect: Deny |
|
|
Principal: '*' |
|
|
Action: s3:PutObject |
|
|
Resource: !Sub '${FredMLBucket}/*' |
|
|
Condition: |
|
|
StringNotEquals: |
|
|
s3:x-amz-server-side-encryption: AES256 |
|
|
- Sid: DenyIncorrectEncryptionHeader |
|
|
Effect: Deny |
|
|
Principal: '*' |
|
|
Action: s3:PutObject |
|
|
Resource: !Sub '${FredMLBucket}/*' |
|
|
Condition: |
|
|
StringNotEquals: |
|
|
s3:x-amz-server-side-encryption: AES256 |
|
|
- Sid: DenyUnencryptedObjectUploads |
|
|
Effect: Deny |
|
|
Principal: '*' |
|
|
Action: s3:PutObject |
|
|
Resource: !Sub '${FredMLBucket}/*' |
|
|
Condition: |
|
|
Null: |
|
|
s3:x-amz-server-side-encryption: 'true' |
|
|
|
|
|
|
|
|
S3AccessLogGroup: |
|
|
Type: AWS::Logs::LogGroup |
|
|
Properties: |
|
|
LogGroupName: !Sub '/aws/s3/${BucketName}' |
|
|
RetentionInDays: 30 |
|
|
|
|
|
Outputs: |
|
|
BucketName: |
|
|
Description: Name of the S3 bucket |
|
|
Value: !Ref FredMLBucket |
|
|
Export: |
|
|
Name: !Sub '${AWS::StackName}-BucketName' |
|
|
|
|
|
BucketArn: |
|
|
Description: ARN of the S3 bucket |
|
|
Value: !GetAtt FredMLBucket.Arn |
|
|
Export: |
|
|
Name: !Sub '${AWS::StackName}-BucketArn' |
