Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
// aws-cdk-lib 2.35.0
import { Stack, StackProps, RemovalPolicy, Duration } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';
export class NasBackupStack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
const bucket = new s3.Bucket(this, 'bucket', {
blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
removalPolicy: RemovalPolicy.RETAIN,
lifecycleRules: [{
id: 'move-to-glacier',
transitions: [{
storageClass: s3.StorageClass.GLACIER,
transitionAfter: Duration.days(1),
}],
}],
});
// https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html
const s3AccessPolicy = new iam.Policy(this, 's3-access-policy', {
statements: [
new iam.PolicyStatement({
actions: [
's3:ListAllMyBuckets',
],
resources: ['*'],
}),
new iam.PolicyStatement({
actions: [
's3:ListBucket',
's3:GetBucketLocation',
],
resources: [bucket.bucketArn],
}),
new iam.PolicyStatement({
actions: [
's3:PutObject',
's3:PutObjectAcl',
's3:GetObject',
's3:GetObjectAcl',
's3:DeleteObject',
],
resources: [`${bucket.bucketArn}/*`],
}),
]
});
const group = new iam.Group(this, 'nas-backup-group');
group.attachInlinePolicy(s3AccessPolicy);
const user = new iam.User(this, 'nas-backup-user', {
groups: [ group ],
});
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment