Last active
October 24, 2018 17:14
-
-
Save joerocklin/6f3a08182cac1940b099b8d91789a035 to your computer and use it in GitHub Desktop.
aws service operator s3 CFN templates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: service-operator.aws/v1alpha1 | |
kind: CloudFormationTemplate | |
metadata: | |
name: s3bucket | |
namespace: aws-service-operator | |
data: | |
key: s3bucket.yaml | |
template: | | |
AWSTemplateFormatVersion: 2010-09-09 | |
Description: 'AWS Operator - Amazon S3 Bucket' | |
Parameters: | |
Namespace: | |
Description: >- | |
This is the namespace for the Kubernetes object. | |
Type: String | |
ResourceVersion: | |
Type: String | |
Description: >- | |
This is the resource version for the Kubernetes object. | |
ResourceName: | |
Description: >- | |
This is the resource name for the Kubernetes object | |
Type: String | |
ClusterName: | |
Description: >- | |
This is the cluster name for the operator | |
Type: String | |
BucketName: | |
Description: >- | |
Must contain only lowercase letters, numbers, periods (.), and hyphens | |
(-),Cannot end in numbers | |
Type: String | |
Default: apps3bucket | |
LoggingPrefix: | |
Description: >- | |
Must contain only lowercase letters, numbers, periods (.), and hyphens | |
(-),Cannot end in numbers | |
Type: String | |
Default: Archive | |
EnableLogging: | |
Description: enable or discable S3 logging | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'true' | |
EnableGlacierLifeCycle: | |
Description: enable archiving to Glacier Storage | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'false' | |
GlacierLifeCycleTransitionInDays: | |
Description: Define how many days objects should exist before being moved to Glacier | |
Type: String | |
Default: '0' | |
EnableVersioning: | |
Description: enable versioning | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'false' | |
LifeCyclePrefix: | |
Description: >- | |
Must contain only lowercase letters, numbers, periods (.), and hyphens | |
(-),Cannot end in numbers | |
Type: String | |
Default: Archive | |
BucketAccessControl: | |
Description: define if the bucket can be accessed from public or private locations | |
Type: String | |
AllowedValues: | |
- Private | |
- PublicRead | |
- PublicReadWrite | |
- AuthenticatedRead | |
- LogDeliveryWrite | |
- BucketOwnerRead | |
- BucketOwnerFullControl | |
- AwsExecRead | |
Default: "Private" | |
BucketDeletionPolicy: | |
Description: >- | |
Deletion policy to attempt. If the bucket is set to delete but not empty, | |
then delete will fail | |
Type: String | |
AllowedValues: | |
- Retain | |
- Delete | |
Default: Retain | |
EnableStaticSite: | |
Description: enable static site | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'false' | |
StaticSiteIndex: | |
Description: Index document for the S3 bucket static site | |
Type: String | |
Default: index.html | |
StaticSiteError: | |
Description: Error document for the S3 bucket static site | |
Type: String | |
Default: 500.html | |
Mappings: {} | |
Conditions: | |
UseLogging: !Equals | |
- !Ref EnableLogging | |
- 'true' | |
UseGlacierLifeCycle: !Equals | |
- !Ref EnableGlacierLifeCycle | |
- 'true' | |
UseVersioning: !Equals | |
- !Ref EnableVersioning | |
- 'true' | |
UseAsStaticSite: !Equals | |
- !Ref EnableStaticSite | |
- 'true' | |
Resources: | |
S3bucket: | |
Type: 'AWS::S3::Bucket' | |
Properties: | |
BucketName: !Ref BucketName | |
AccessControl: !Ref BucketAccessControl | |
WebsiteConfiguration: !If | |
- UseAsStaticSite | |
- IndexDocument: !Ref StaticSiteIndex | |
ErrorDocument: !Ref StaticSiteError | |
- !Ref 'AWS::NoValue' | |
LifecycleConfiguration: | |
Rules: | |
- Id: GlacierRule | |
Prefix: !Ref LifeCyclePrefix | |
Status: Enabled | |
ExpirationInDays: '365' | |
Transitions: | |
- TransitionInDays: !Ref GlacierLifeCycleTransitionInDays | |
StorageClass: Glacier | |
LoggingConfiguration: !If | |
- UseLogging | |
- DestinationBucketName: !Ref LoggingBucket | |
LogFilePrefix: !Ref LoggingPrefix | |
- !Ref 'AWS::NoValue' | |
Tags: | |
- Key: Namespace | |
Value: !Ref Namespace | |
- Key: ResourceVersion | |
Value: !Ref ResourceVersion | |
- Key: ResourceName | |
Value: !Ref ResourceName | |
- Key: ClusterName | |
Value: !Ref ClusterName | |
- Key: Heritage | |
Value: operator.aws | |
VersioningConfiguration: !If | |
- UseVersioning | |
- Status: Enabled | |
- !Ref 'AWS::NoValue' | |
DeletionPolicy: !Ref BucketDeletionPolicy | |
WebsiteBucketPolicy: | |
Type: 'AWS::S3::BucketPolicy' | |
Condition: UseAsStaticSite | |
Properties: | |
Bucket: !Ref S3bucket | |
PolicyDocument: | |
Statement: | |
- Action: | |
- 's3:GetObject' | |
Effect: Allow | |
Principal: '*' | |
Resource: | |
'Fn::Join': | |
- '' | |
- - 'arn:aws:s3:::' | |
- !Ref S3bucket | |
- /* | |
LoggingBucket: | |
Condition: UseLogging | |
Type: 'AWS::S3::Bucket' | |
DeletionPolicy: Retain | |
Properties: | |
AccessControl: LogDeliveryWrite | |
BucketName: !Join | |
- '' | |
- - !Ref BucketName | |
- logging | |
Outputs: | |
BucketName: | |
Value: !Ref S3bucket | |
Description: Name of the sample Amazon S3 bucket. | |
BucketArn: | |
Value: !GetAtt | |
- S3bucket | |
- Arn | |
Description: Name of the Amazon S3 bucket | |
WebsiteURL: | |
Value: !GetAtt | |
- S3bucket | |
- WebsiteURL | |
Description: URL of the bucket that was created |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: service-operator.aws/v1alpha1 | |
kind: CloudFormationTemplate | |
metadata: | |
name: s3bucket | |
namespace: aws-service-operator | |
data: | |
key: s3bucket.yaml | |
template: | | |
AWSTemplateFormatVersion: 2010-09-09 | |
Description: 'AWS Operator - Amazon S3 Bucket' | |
Parameters: | |
Namespace: | |
Description: >- | |
This is the namespace for the Kubernetes object. | |
Type: String | |
ResourceVersion: | |
Type: String | |
Description: >- | |
This is the resource version for the Kubernetes object. | |
ResourceName: | |
Description: >- | |
This is the resource name for the Kubernetes object | |
Type: String | |
ClusterName: | |
Description: >- | |
This is the cluster name for the operator | |
Type: String | |
BucketName: | |
Description: >- | |
Must contain only lowercase letters, numbers, periods (.), and hyphens | |
(-),Cannot end in numbers | |
Type: String | |
Default: apps3bucket | |
LoggingPrefix: | |
Description: >- | |
Must contain only lowercase letters, numbers, periods (.), and hyphens | |
(-),Cannot end in numbers | |
Type: String | |
Default: Archive | |
EnableLogging: | |
Description: enable or discable S3 logging | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'true' | |
EnableGlacierLifeCycle: | |
Description: enable archiving to Glacier Storage | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'false' | |
GlacierLifeCycleTransitionInDays: | |
Description: Define how many days objects should exist before being moved to Glacier | |
Type: String | |
Default: '0' | |
EnableVersioning: | |
Description: enable versioning | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'false' | |
LifeCyclePrefix: | |
Description: >- | |
Must contain only lowercase letters, numbers, periods (.), and hyphens | |
(-),Cannot end in numbers | |
Type: String | |
Default: Archive | |
BucketAccessControl: | |
Description: define if the bucket can be accessed from public or private locations | |
Type: String | |
AllowedValues: | |
- Private | |
- PublicRead | |
- PublicReadWrite | |
- AuthenticatedRead | |
- LogDeliveryWrite | |
- BucketOwnerRead | |
- BucketOwnerFullControl | |
- AwsExecRead | |
Default: "Private" | |
BucketDeletionPolicy: | |
Description: >- | |
Deletion policy to attempt. If the bucket is set to delete but not empty, | |
then delete will fail | |
Type: String | |
AllowedValues: | |
- Retain | |
- Delete | |
Default: Retain | |
EnableStaticSite: | |
Description: enable static site | |
Type: String | |
AllowedValues: | |
- 'true' | |
- 'false' | |
Default: 'false' | |
StaticSiteIndex: | |
Description: Index document for the S3 bucket static site | |
Type: String | |
Default: index.html | |
StaticSiteError: | |
Description: Error document for the S3 bucket static site | |
Type: String | |
Default: 500.html | |
Mappings: {} | |
Conditions: | |
UseLogging: !Equals | |
- !Ref EnableLogging | |
- 'true' | |
UseGlacierLifeCycle: !Equals | |
- !Ref EnableGlacierLifeCycle | |
- 'true' | |
UseVersioning: !Equals | |
- !Ref EnableVersioning | |
- 'true' | |
UseAsStaticSite: !Equals | |
- !Ref EnableStaticSite | |
- 'true' | |
Resources: | |
S3bucket: | |
Type: 'AWS::S3::Bucket' | |
Properties: | |
BucketName: !Ref BucketName | |
AccessControl: !Ref BucketAccessControl | |
WebsiteConfiguration: !If | |
- UseAsStaticSite | |
- IndexDocument: !Ref StaticSiteIndex | |
ErrorDocument: !Ref StaticSiteError | |
- !Ref 'AWS::NoValue' | |
LifecycleConfiguration: | |
Rules: | |
- Id: GlacierRule | |
Prefix: !Ref LifeCyclePrefix | |
Status: Enabled | |
ExpirationInDays: '365' | |
Transitions: | |
- TransitionInDays: !Ref GlacierLifeCycleTransitionInDays | |
StorageClass: Glacier | |
LoggingConfiguration: !If | |
- UseLogging | |
- DestinationBucketName: !Ref LoggingBucket | |
LogFilePrefix: !Ref LoggingPrefix | |
- !Ref 'AWS::NoValue' | |
Tags: | |
- Key: Namespace | |
Value: !Ref Namespace | |
- Key: ResourceVersion | |
Value: !Ref ResourceVersion | |
- Key: ResourceName | |
Value: !Ref ResourceName | |
- Key: ClusterName | |
Value: !Ref ClusterName | |
- Key: Heritage | |
Value: operator.aws | |
VersioningConfiguration: !If | |
- UseVersioning | |
- Status: Enabled | |
- !Ref 'AWS::NoValue' | |
DeletionPolicy: !Ref BucketDeletionPolicy | |
WebsiteBucketPolicy: | |
Type: 'AWS::S3::BucketPolicy' | |
Condition: UseAsStaticSite | |
Properties: | |
Bucket: !Ref S3bucket | |
PolicyDocument: | |
Statement: | |
- Action: | |
- 's3:GetObject' | |
Effect: Allow | |
Principal: '*' | |
Resource: | |
'Fn::Join': | |
- '' | |
- - 'arn:aws:s3:::' | |
- !Ref S3bucket | |
- /* | |
LoggingBucket: | |
Condition: UseLogging | |
Type: 'AWS::S3::Bucket' | |
DeletionPolicy: Retain | |
Properties: | |
AccessControl: LogDeliveryWrite | |
BucketName: !Join | |
- '' | |
- - !Ref BucketName | |
- logging | |
Outputs: | |
BucketName: | |
Value: !Ref S3bucket | |
Description: Name of the sample Amazon S3 bucket. | |
BucketArn: | |
Value: !GetAtt | |
- S3bucket | |
- Arn | |
Description: Name of the Amazon S3 bucket | |
WebsiteURL: | |
Value: !GetAtt | |
- S3bucket | |
- WebsiteURL | |
Description: URL of the bucket that was created |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment