@ankyit
Created September 14, 2022 11:01
velero-prereq
AWSTemplateFormatVersion: "2010-09-09"
Description: Velero Prerequisites
Parameters:
  paramBucketName:
    Type: String
    Description: Provide Bucket Name
Resources:
  # S3 bucket that stores the Velero backups, encrypted at rest with SSE-S3 (AES256)
  VeleroBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      AccessControl: BucketOwnerFullControl
      BucketName: !Ref paramBucketName
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  # IAM user that Velero authenticates as; its permissions come from the inline policy below
  VeleroUser:
    Type: 'AWS::IAM::User'
    Properties:
      Policies:
        - PolicyName: velero-bucket-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # EBS volume and snapshot operations; not scoped to specific resources
              - Effect: Allow
                Action:
                  - ec2:DescribeVolumes
                  - ec2:DescribeSnapshots
                  - ec2:CreateTags
                  - ec2:CreateVolume
                  - ec2:CreateSnapshot
                  - ec2:DeleteSnapshot
                Resource:
                  - '*'
              # Object-level access, limited to objects in the backup bucket
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:DeleteObject
                  - s3:PutObject
                  - s3:AbortMultipartUpload
                  - s3:ListMultipartUploadParts
                Resource:
                  - !Sub arn:aws:s3:::${VeleroBucket}/*
              # Bucket listing, limited to the backup bucket itself
              - Effect: Allow
                Action:
                  - s3:ListBucket
                Resource:
                  - !Sub arn:aws:s3:::${VeleroBucket}
  # Long-lived access key for the Velero user
  VeleroUserAccessKey:
    Type: 'AWS::IAM::AccessKey'
    Properties:
      UserName: !Ref VeleroUser
Outputs:
  BucketName:
    Value: !Ref 'VeleroBucket'
    Description: Velero Backup BucketName
  AccessKeyID:
    Value: !Ref 'VeleroUserAccessKey'
  # The secret access key is emitted as a plain-text stack output,
  # readable by any principal that can describe this stack
  SecretKeyID:
    Value: !GetAtt 'VeleroUserAccessKey.SecretAccessKey'
  User:
    Value: !Ref VeleroUser