// aws-cdk-lib 2.35.0
import { Stack, StackProps, RemovalPolicy, Duration } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';
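/**
 * Stack that provisions a private S3 bucket together with an IAM policy,
 * group and user scoped to that bucket. Judging by the construct names, the
 * user is the identity a NAS uses to upload its backups.
 *
 * Resources created:
 * - an S3 bucket with all public access blocked, TLS-only access enforced,
 *   retained on stack deletion, and a lifecycle rule that moves objects to
 *   the GLACIER storage class one day after creation;
 * - an inline IAM policy granting list/read/write/delete on that bucket;
 * - an IAM group carrying the policy and an IAM user that belongs to it.
 */
export class NasBackupStack extends Stack {
  /**
   * @param scope - parent construct this stack is attached to
   * @param id - logical identifier of the stack
   * @param props - optional stack properties, forwarded to `Stack`
   */
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const bucket = new s3.Bucket(this, 'bucket', {
      blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
      // Adds a bucket policy that denies every request made without TLS, so
      // backup data and the signed requests carrying it never travel in
      // plaintext.
      enforceSSL: true,
      // The bucket and its contents survive `cdk destroy` / stack deletion.
      removalPolicy: RemovalPolicy.RETAIN,
      lifecycleRules: [
        {
          id: 'move-to-glacier',
          transitions: [
            {
              // Archived objects must be restored before s3:GetObject
              // succeeds; the policy below does not grant s3:RestoreObject.
              // NOTE(review): confirm restores are performed by a different
              // principal.
              storageClass: s3.StorageClass.GLACIER,
              transitionAfter: Duration.days(1),
            },
          ],
        },
      ],
      // NOTE(review): versioning is not enabled, and the policy below allows
      // s3:DeleteObject and overwriting via s3:PutObject. The backup
      // credential alone can therefore remove or replace every backup.
      // Consider `versioned: true` plus a noncurrent-version expiration rule
      // if backups must survive a compromise of the device holding the key.
    });

    // https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-policies-s3.html
    const s3AccessPolicy = new iam.Policy(this, 's3-access-policy', {
      statements: [
        // s3:ListAllMyBuckets cannot be scoped to a single bucket, hence '*'.
        // It lets the principal see the names of all buckets in the account.
        new iam.PolicyStatement({
          actions: ['s3:ListAllMyBuckets'],
          resources: ['*'],
        }),
        // Bucket-level actions, limited to the backup bucket itself.
        new iam.PolicyStatement({
          actions: ['s3:ListBucket', 's3:GetBucketLocation'],
          resources: [bucket.bucketArn],
        }),
        // Object-level actions, limited to keys inside the backup bucket.
        // NOTE(review): the two *Acl actions are only needed if the backup
        // client sets or reads object ACLs; drop them if it does not.
        new iam.PolicyStatement({
          actions: [
            's3:PutObject',
            's3:PutObjectAcl',
            's3:GetObject',
            's3:GetObjectAcl',
            's3:DeleteObject',
          ],
          resources: [`${bucket.bucketArn}/*`],
        }),
      ],
    });

    const group = new iam.Group(this, 'nas-backup-group');
    group.attachInlinePolicy(s3AccessPolicy);

    // The construct registers itself with the stack, so no local binding is
    // needed. No access key is defined here.
    // NOTE(review): presumably a key is issued outside this stack; confirm
    // how it is stored and rotated.
    new iam.User(this, 'nas-backup-user', {
      groups: [group],
    });
  }
}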