This S3 bucket policy allows CloudFormation to read your Nested Stack template without making it public for everyone.
Policy JSON:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowCloudformationAccessBucket",
"Effect": "Allow",
"Principal": {
"Service": "cloudformation.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket-name/*"
}
]
}
Usage in CloudFormation yaml:
Resources:
FooStack:
Type: AWS::CloudFormation::Stack
Properties:
Parameters:
Foo: Foo
Bar: Bar
TemplateURL: https://s3.amazonaws.com/my-bucket-name/stack-template.yml