@wolfeidau
Created March 1, 2021 08:15
```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  wolfeidau: Cloudformation deployment bucket used to host Serverless Application Model (SAM) artifacts and publish to Serverless Application Repository (SAR)
Parameters:
  Stage:
    Type: String
    Description: The stage where the application is running in, e.g., dev, prod.
    Default: "dev"
Resources:
  DeploymentBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: True
        BlockPublicPolicy: True
        IgnorePublicAcls: True
        RestrictPublicBuckets: True
  DeploymentBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DeploymentBucket
      PolicyDocument:
        Statement:
          - Sid: AllowServerlessRepo
            Effect: Allow
            Principal:
              Service: "serverlessrepo.amazonaws.com"
            Action:
              - s3:GetObject
            Resource:
              - !Sub "arn:aws:s3:::${DeploymentBucket}/*"
          - Sid: AllowSSLRequestsOnly
            Effect: Deny
            Principal: "*"
            Action:
              - s3:*
            Resource:
              - !Sub "arn:aws:s3:::${DeploymentBucket}/*"
              - !Sub "arn:aws:s3:::${DeploymentBucket}"
            Condition:
              Bool:
                "aws:SecureTransport": "false"
  DeploymentBucketParam:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub "/config/${Stage}/deploy_bucket"
      Type: String
      Value:
        Ref: DeploymentBucket
Outputs:
  DeploymentBucketName:
    Value: !Ref DeploymentBucket
```