This repository has been archived by the owner on Nov 10, 2024. It is now read-only.

binxio/cfn-s3-public-access-block-provider

Deprecated Nov 2024 -> use the AWS::S3::Bucket public access block configuration instead.

cfn-s3-public-access-block

Custom CloudFormation resource to enable S3 Public Access Blocks.

Please refer to the links below to learn the features (more secure) and limitations this provides.

After cloning this directory you have the following make targets at your command:
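For templates that move from this custom resource to the native `AWS::S3::Bucket` setting, the following added example (not code from this repository) lints a parsed CloudFormation template for buckets that do not enable all four `PublicAccessBlockConfiguration` flags. The function names and the sample template are constructed for illustration.

```python
# Added example: report S3 buckets in a parsed CloudFormation template that
# do not enable every public access block setting.
REQUIRED_FLAGS = (
    "BlockPublicAcls",
    "BlockPublicPolicy",
    "IgnorePublicAcls",
    "RestrictPublicBuckets",
)


def _is_true(value):
    # CloudFormation accepts booleans or the strings "true"/"false".
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.lower() == "true"


def missing_public_access_blocks(template):
    """Return {logical_id: [flags not set to true]} for AWS::S3::Bucket resources."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        config = props.get("PublicAccessBlockConfiguration")
        if not isinstance(config, dict):
            config = {}  # absent or unresolved: treat every flag as missing
        # Intrinsic functions (Ref, Fn::If) cannot be resolved offline, so a
        # flag set through one is reported for manual review.
        missing = [flag for flag in REQUIRED_FLAGS if not _is_true(config.get(flag))]
        if missing:
            findings[logical_id] = missing
    return findings


# Constructed sample template, not taken from this repository.
SAMPLE_TEMPLATE = {
    "Resources": {
        "LockedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {flag: True for flag in REQUIRED_FLAGS}}},
        "PartialBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": "true", "BlockPublicPolicy": "false"}}},
        "OpenBucket": {"Type": "AWS::S3::Bucket"},
        "Topic": {"Type": "AWS::SNS::Topic"},
    }
}

if __name__ == "__main__":
    for bucket, flags in missing_public_access_blocks(SAMPLE_TEMPLATE).items():
        print(f"{bucket}: missing {', '.join(flags)}")
```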

make                    - builds a zip file to target/.
make test               - execute the tests, requires a working AWS connection.

make deploy             - deploy to the default region eu-central-1.
make deploy-all-regions - deploy to all regions.

make release            - builds a zip file and deploys it to s3.

make deploy-provider    - deploys the provider.
make delete-provider    - deletes the provider.

make demo               - deploys the demo cloudformation stack.
make delete-demo        - deletes the demo cloudformation stack.

make clean              - cleans the workspace.

Pre-requisites

You need to have awscli, python, jq and Docker installed.

Getting started

This template contains everything needed to create, test and deploy a simple Custom Resource provider for the resource Custom::Custom.

The idea is that the resource just copies the property Value and returns it as an attribute of the CFN resource. To experience a complete development cycle, you need to implement the create, update and delete methods in src/cfn_custom_provider.py until the following command succeeds:

make test

The source implements a ResourceProvider class defined by Python module cfn_resource_provider.

Deploying the provider

Set the variables S3_BUCKET_PREFIX and AWS_REGION in the Makefile to point to your bucket (see S3 Buckets for details).

After that succeeds, deploy the provider by typing:

make deploy
make deploy-provider

Deploying the demo

After the provider is deployed, you can create the demo stack:

make demo

Now you are ready to create useful Custom CloudFormation Providers!

Check out Kong API Gateway, Secrets and SES for examples.

S3 Buckets

To deploy your Lambda to all AWS regions, you need to have S3 buckets in all regions matching the name pattern:

   <s3-bucket-prefix>-<aws-region>

For the development cycle, you need to have at least a bucket in your default region, for instance binxio-public-eu-central-1.

To ease the creation of all buckets, you could use the create-global-s3-buckets script.
