@pmarques
Last active November 11, 2019 13:30
AWS CloudFormation files with S3 buckets and resources needed for Cross-Account / Region replication with Owner[ship] override
---
Description: >
  Create a simple encrypted S3 bucket
Parameters:
  BucketName:
    Type: String
    Default: pmarques1234567890-x-account-replication
  SourceAccount:
    Type: String
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      VersioningConfiguration:
        Status: Enabled
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${SourceAccount}:root
            Action:
              - s3:ReplicateObject
              - s3:ReplicateDelete
              - s3:ObjectOwnerOverrideToBucketOwner
            Resource: !Sub arn:aws:s3:::${S3Bucket}/*
---
Description: >
  s3 crr testing
Parameters:
  DestinationBucket:
    Type: String
    Default: pmarques1234567890-x-account-replication
  DestinationAccount:
    Type: String
Resources:
  ReplicaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: s3.amazonaws.com
  ReplicaPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Action:
              - s3:Get*
              - s3:ListBucket
            Resource:
              - !Sub arn:aws:s3:::pmarques1234567890-x-account-replication-source
              - !Sub arn:aws:s3:::pmarques1234567890-x-account-replication-source/*
            Effect: Allow
          - Action:
              - s3:ReplicateObject
              - s3:ReplicateDelete
              - s3:ReplicateTags
              - s3:GetObjectVersionTagging
              - s3:ObjectOwnerOverrideToBucketOwner
            Effect: Allow
            Resource: !Sub arn:aws:s3:::${DestinationBucket}/*
      PolicyName: ReplicaPolicy
      Roles:
        - !Ref ReplicaRole
  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      BucketName: pmarques1234567890-x-account-replication-source
      ReplicationConfiguration:
        Role: !GetAtt [ReplicaRole, Arn]
        Rules:
          - Destination:
              AccessControlTranslation:
                Owner: Destination
              Account: !Ref DestinationAccount
              Bucket: !Sub arn:aws:s3:::${DestinationBucket}
              StorageClass: STANDARD
            Id: Backup
            Prefix: ''
            Status: Enabled
      VersioningConfiguration:
        Status: Enabled