I was looking for a CloudFormation script for S3 bucket replication between two buckets within the same account. I was able to create one myself, so I am answering this in case someone else is looking for it.
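Here is the CloudFormation script that creates the source bucket, creates the IAM role needed for replication, and sets up replication at the same time. Note that it does not create the destination bucket: that bucket must already exist with versioning enabled, otherwise the replication configuration is rejected. The `BucketRole` resource also references a condition named `IsProdSourceBucket` that this template does not define, so add a matching `Conditions` section or remove that line before deploying.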
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Create bucket and setup replication",
"Parameters": {
"sourceBucketName": {
"Description": "Name for the source bucket",
"Type": "String"
},
"destinationBucketName": {
"Description": "Name for the destination bucket",
"Type": "String"
}
},
"Resources": {
"BucketRole": {
"Type": "AWS::IAM::Role",
"Condition": "IsProdSourceBucket",
"Properties": {
"Path": "/",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Principal": {"Service": ["s3.amazonaws.com"]},
"Action": ["sts:AssumeRole"],
"Effect": "Allow"
}
]
},
"Policies": [
{
"PolicyName": "bucket-replication-permissions",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl"
],
"Resource": [
{"Fn::Sub": "arn:aws:s3:::${sourceBucketName}/*"}
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetReplicationConfiguration"
],
"Resource": [
{"Fn::Sub": "arn:aws:s3:::${sourceBucketName}"}
]
},
{
"Effect": "Allow",
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags",
"s3:GetObjectVersionTagging"
],
"Resource": {"Fn::Sub": "arn:aws:s3:::${destinationBucketName}/*"}
}
]
}
}
]
}
},
"BucketConfiguration": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain",
"Properties": {
"BucketName": {"Ref": "sourceBucketName"},
"VersioningConfiguration": {
"Status": "Enabled"
},
"ReplicationConfiguration": {
"Role" : { "Fn::GetAtt" : [ "BucketRole", "Arn" ] },
"Rules" : [{
"Destination" : {"Bucket": {"Fn::Sub": "arn:aws:s3:::${destinationBucketName}"}},
"Prefix" : "",
"Status" : "Enabled"
}]
}
}
}
},
"Outputs": {
"BucketConfiguration": {
"Description": "Optimizer configuration files.",
"Value": {"Ref": "BucketConfiguration"},
"Export": {"Name": "BucketConfiguration"}
},
"BucketConfigurationARN": {
"Description": "Optimizer configuration files.",
"Value": {"Fn::GetAtt": ["BucketConfiguration", "Arn"]},
"Export": {"Name": "BucketConfigurationARN"}
}
}
}
References:
https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-walkthrough1.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html