@axolx
Created July 26, 2018 17:14
Sample CloudFormation stack for a bucket for AJAX uploads to S3
# Sample CloudFormation stack to create a bucket for AJAX uploads to S3
# Includes a lifecycle policy, CORS settings, and an IAM policy
# aws cloudformation create-stack --capabilities CAPABILITY_IAM --stack-name my-bucket --template-body file://s3-bucket.yaml --parameters ParameterKey=BucketName,ParameterValue=my-bucket ParameterKey=ExpirationDays,ParameterValue=2 ParameterKey=Role,ParameterValue=my-role
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  BucketName:
    Type: String
    Description: The name for the bucket
  ExpirationDays:
    Type: Number
    Description: Number of days to expire bucket objects
  Role:
    Type: String
    Description: The IAM role name that will upload to the bucket
Resources:
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      LifecycleConfiguration:
        Rules:
          # Object expiry is driven by the ExpirationDays parameter
          - Id: ExpireObjects
            Status: Enabled
            ExpirationInDays: !Ref ExpirationDays
            # Clean up parts of multipart uploads that were never completed
            AbortIncompleteMultipartUpload:
              DaysAfterInitiation: 2
      CorsConfiguration:
        CorsRules:
          # Only this origin may make cross-origin requests from a browser
          - AllowedOrigins: ['http://example.org']
            AllowedMethods: [GET, HEAD, PUT, POST]
            MaxAge: '3000'
            # ETag must be exposed so the client can read it after each part upload
            ExposedHeaders: [ETag]
            AllowedHeaders: ['x-amz-*']
  # Despite the logical name, this is an IAM policy attached to the uploading
  # role, not an S3 bucket policy (AWS::S3::BucketPolicy)
  BucketPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Sub ${AWS::StackName}-${BucketName}-policy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - s3:GetObject
              - s3:PutObject
              # PutObjectAcl lets the role set ACLs on objects it uploads
              - s3:PutObjectAcl
              - s3:ListMultipartUploadParts
              - s3:AbortMultipartUpload
            # Scoped to objects in this bucket only
            Resource: !Sub ${Bucket.Arn}/*
      Roles: [ !Ref Role ]
Outputs:
  BucketName:
    Value: !Ref Bucket
    Description: Name of the created S3 bucket