@jacoyutorius
Created April 13, 2019 16:21
CloudFormation for S3Bucket and IAMUser
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Create an IAM user that can only access its S3 bucket
# validate
#   aws cloudformation validate-template --template-body file://template.yml
# create stack
#   aws cloudformation create-stack --stack-name S3IAMUser --template-body file://template.yml --capabilities CAPABILITY_NAMED_IAM
# create changeset
#   aws cloudformation create-change-set --stack-name S3IAMUser --template-body file://template.yml --change-set-name S3IAMUser-changeset --capabilities CAPABILITY_NAMED_IAM
# delete stack
#   aws cloudformation delete-stack --stack-name S3IAMUser
Parameters:
  iamUserName:
    Type: String
    Default: "myknee-s3-user"
Resources:
  iamUser:
    Type: AWS::IAM::User
    Properties:
      UserName: !Ref iamUserName
      Path: /s3/
      LoginProfile:
        # The console password is hardcoded in the template, so it is readable by
        # anyone who can read this file or retrieve the stack's template.
        Password: 8vZcLEccJK
        PasswordResetRequired: false
      Policies:
        - PolicyName: !Sub ${iamUserName}-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:Get*
                  - s3:Put*
                  - s3:DeleteBucket
                # Only the bucket ARN is listed: bucket-level actions matched by the
                # wildcards (e.g. s3:PutBucketPolicy, s3:PutBucketAcl) are allowed, while
                # object-level ones (s3:GetObject, s3:PutObject) match no resource.
                Resource:
                  - !Sub "arn:aws:s3:::${iamUserName}-personal-bucket"
                  # - !Sub "arn:aws:s3:::${iamUserName}-personal-bucket/public/*"
  s3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName: !Sub ${iamUserName}-personal-bucket
      Tags:
        - Key: CREATED_AT
          Value: "2019-04-13"
Outputs:
  s3BucketArn:
    Value: !GetAtt [s3Bucket, Arn]
```
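
A hardened variant of the template above, as an added example that is not part of the original gist. It assumes a hypothetical `iamUserPassword` parameter supplied at deploy time, narrows the wildcard actions to explicit object-level ones, and drops `s3:DeleteBucket`.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Hardened variant - IAM user limited to objects in one private bucket
Parameters:
  iamUserName:
    Type: String
    Default: "myknee-s3-user"
  iamUserPassword:            # hypothetical parameter, not in the original gist
    Type: String
    NoEcho: true              # value is masked in console, CLI and API output
    MinLength: 14
Resources:
  s3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${iamUserName}-personal-bucket
      PublicAccessBlockConfiguration:   # explicit guard instead of relying on the ACL
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  iamUser:
    Type: AWS::IAM::User
    Properties:
      UserName: !Ref iamUserName
      Path: /s3/
      LoginProfile:
        Password: !Ref iamUserPassword  # no secret stored in the template body
        PasswordResetRequired: true     # initial password is single-use
      ManagedPolicyArns:                # lets the user complete the forced reset
        - arn:aws:iam::aws:policy/IAMUserChangePassword
      Policies:
        - PolicyName: !Sub ${iamUserName}-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Sid: ListOwnBucket      # bucket-level action on the bucket ARN
                Effect: Allow
                Action: s3:ListBucket
                Resource: !GetAtt s3Bucket.Arn
              - Sid: ReadWriteOwnObjects  # object-level actions on the object ARNs
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                  - s3:DeleteObject
                Resource: !Sub "${s3Bucket.Arn}/*"
Outputs:
  s3BucketArn:
    Value: !GetAtt s3Bucket.Arn
```

The password is passed with `--parameters ParameterKey=iamUserPassword,ParameterValue=...` on `create-stack`, and `--capabilities CAPABILITY_NAMED_IAM` is still required.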