@phobologic
Created June 26, 2018 16:49
s3 encryption with troposphere
import os

from troposphere import Template, NoValue
from troposphere import s3

# KMS key used for default bucket encryption; unset means no encryption block.
key_id = os.getenv("BUCKET_ENCRYPTION_KEY_ID")

# NoValue renders as !Ref 'AWS::NoValue', so CloudFormation drops the property.
bucket_encryption = NoValue
if key_id:
    bucket_encryption = s3.BucketEncryption(
        ServerSideEncryptionConfiguration=[
            s3.ServerSideEncryptionRule(
                ServerSideEncryptionByDefault=s3.ServerSideEncryptionByDefault(
                    KMSMasterKeyID=key_id,
                    SSEAlgorithm="aws:kms",
                )
            )
        ]
    )

t = Template()
t.add_resource(
    s3.Bucket(
        "ExternalBucket",
        BucketEncryption=bucket_encryption,
    )
)

print(t.to_yaml())
$ python bucket.py
Resources:
  ExternalBucket:
    Properties:
      BucketEncryption: !Ref 'AWS::NoValue'
    Type: AWS::S3::Bucket

$ BUCKET_ENCRYPTION_KEY_ID="123456789abcdef" python bucket.py
Resources:
  ExternalBucket:
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              KMSMasterKeyID: 123456789abcdef
              SSEAlgorithm: aws:kms
    Type: AWS::S3::Bucket
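
A check that could run in CI over the JSON form of the template (`t.to_json()`), flagging buckets whose `BucketEncryption` resolved to `AWS::NoValue` as in the first run above. This is an added example, not part of the original gist; the function name `unencrypted_buckets`, the finding strings and the two sample templates are constructed for illustration, and treating `aws:kms` without a key ID as a finding is an assumed policy.

```python
import json

# How troposphere's NoValue appears once the template is rendered to JSON.
NO_VALUE = {"Ref": "AWS::NoValue"}


def unencrypted_buckets(template_json):
    """Return {logical_id: reason} for S3 buckets lacking default SSE-KMS."""
    template = json.loads(template_json)
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        enc = res.get("Properties", {}).get("BucketEncryption")
        # Missing property and AWS::NoValue both mean no encryption block.
        if not isinstance(enc, dict) or enc == NO_VALUE:
            findings[name] = "no BucketEncryption"
            continue
        rules = enc.get("ServerSideEncryptionConfiguration") or []
        defaults = [r.get("ServerSideEncryptionByDefault", {}) for r in rules]
        if not defaults:
            findings[name] = "empty rule list"
        elif any(d.get("SSEAlgorithm") != "aws:kms" for d in defaults):
            findings[name] = "not aws:kms"
        # Assumed policy: without a key ID, S3 uses the AWS managed key.
        elif any(not d.get("KMSMasterKeyID") for d in defaults):
            findings[name] = "aws:kms without explicit key"
    return findings


# Constructed samples mirroring the two runs shown on this page.
WITHOUT_KEY = json.dumps({"Resources": {"ExternalBucket": {
    "Type": "AWS::S3::Bucket",
    "Properties": {"BucketEncryption": NO_VALUE},
}}})
WITH_KEY = json.dumps({"Resources": {"ExternalBucket": {
    "Type": "AWS::S3::Bucket",
    "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {
            "KMSMasterKeyID": "123456789abcdef",
            "SSEAlgorithm": "aws:kms"}}]}},
}}})

if __name__ == "__main__":
    for label, doc in (("without key", WITHOUT_KEY), ("with key", WITH_KEY)):
        print(label, unencrypted_buckets(doc) or "ok")
```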