This repository has a simple AWS CloudFormation template that creates an AWS S3 bucket and then adds more security to it in stages. This repository is for use with the Cloud Security Bootcamp run by Cloud Security Podcast. Please reach out
The full Playlist for the FREE Cloud Security Bootcamp can be found here.
Please ensure you have the AWS CLI installed and configured on your machine before you follow the commands below:

- Replace `<NAME-OF-THE-STACK>` with the name of the AWS CloudFormation stack before running the following scripts.
- Replace `<NAME-OF-THE-BUCKET>` with a valid AWS S3 bucket name before running the following scripts.
- Replace `<OPTIONAL-Only-if-AWS-Profile-Exists>` with your AWS CLI profile, only if you have a local AWS CLI profile on your machine, before running the following scripts. If you do not use a named profile, remove the `--profile` line entirely (and the trailing backslash on the line before it).
- Replace `<REGION-FOR-AWS-S3-BUCKET>` with the AWS Region where you want the AWS S3 bucket to be created before running the following scripts.
At this stage we create the AWS CloudFormation stack from the first template. Once the stack creation completes, the AWS S3 bucket exists in your selected AWS account, with no extra security applied yet:

```bash
aws cloudformation create-stack \
  --stack-name <NAME-OF-THE-STACK> \
  --template-body file://1-create-aws-s3-with-no-security.yml \
  --parameters ParameterKey=BucketName,ParameterValue=<NAME-OF-THE-BUCKET> \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
Next, update the stack so that the bucket only accepts encrypted uploads:

```bash
aws cloudformation deploy \
  --stack-name <NAME-OF-THE-STACK> \
  --template-file 2-update-cfn-stack-aws-s3-only-encrypted-upload.yml \
  --parameter-overrides BucketName=<NAME-OF-THE-BUCKET> \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
Then enable versioning on the bucket (the same template is reused later with `BucketVersioning=Suspended` to turn it off again):

```bash
aws cloudformation deploy \
  --stack-name <NAME-OF-THE-STACK> \
  --template-file 3-update-cfn-stack-add-s3-bucket-versioning.yml \
  --parameter-overrides BucketVersioning=Enabled \
  --tags "Purpose=Test" \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
As the final build step, update the stack once more so that it shows its outputs:

```bash
aws cloudformation deploy \
  --stack-name <NAME-OF-THE-STACK> \
  --template-file 4-final-step-update-cfn-to-show-output.yml \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
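To confirm that steps 2 and 3 actually took effect on the deployed bucket, here is an added offline check (example code, not part of this repository): it parses the JSON that `aws s3api get-bucket-policy` and `aws s3api get-bucket-versioning` print and reports whether the bucket policy denies unencrypted uploads and whether versioning is Enabled. The policy shape it looks for (a Deny on `s3:PutObject` when the `s3:x-amz-server-side-encryption` header is absent or is not an approved algorithm) is the pattern AWS documents for this purpose; the repository's template is assumed, not known, to use it, and every sample input below is constructed.

```python
"""Offline check of the two controls the walkthrough adds: a bucket policy that
rejects unencrypted uploads (step 2) and bucket versioning (step 3).  Feed it
the JSON printed by `aws s3api get-bucket-policy` and
`aws s3api get-bucket-versioning`; every sample below is constructed."""
import json

SSE_KEY = "s3:x-amz-server-side-encryption"

# Constructed deny statements following the AWS-documented pattern: one catches
# a wrong algorithm, the other catches a request with no encryption header.
_DENY_WRONG_ALGORITHM = {
    "Sid": "DenyIncorrectEncryptionHeader",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::NAME-OF-THE-BUCKET/*",  # placeholder bucket name
    "Condition": {"StringNotEquals": {SSE_KEY: ["AES256", "aws:kms"]}},
}
_DENY_MISSING_HEADER = {
    "Sid": "DenyUnencryptedObjectUploads",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::NAME-OF-THE-BUCKET/*",  # placeholder bucket name
    "Condition": {"Null": {SSE_KEY: "true"}},
}

def _get_bucket_policy_output(*statements):
    """Mimic `aws s3api get-bucket-policy`: the policy is a JSON string in "Policy"."""
    policy = {"Version": "2012-10-17", "Statement": list(statements)}
    return json.dumps({"Policy": json.dumps(policy)})

SAMPLE_POLICY_COMPLETE = _get_bucket_policy_output(_DENY_WRONG_ALGORITHM, _DENY_MISSING_HEADER)
SAMPLE_POLICY_WEAK = _get_bucket_policy_output(_DENY_WRONG_ALGORITHM)  # header-missing case not covered

# Constructed outputs of `aws s3api get-bucket-versioning`.
SAMPLE_VERSIONING_ENABLED = '{"Status": "Enabled"}'
SAMPLE_VERSIONING_SUSPENDED = '{"Status": "Suspended"}'
SAMPLE_VERSIONING_NEVER_SET = ""  # a bucket that never had versioning returns no Status at all

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _denies_put_object(stmt):
    """True if the statement is a Deny whose Action covers s3:PutObject."""
    if stmt.get("Effect") != "Deny":
        return False
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    return bool(actions & {"s3:putobject", "s3:put*", "s3:*", "*"})

def encryption_controls(get_bucket_policy_json):
    """Report which of the two deny statements the bucket policy contains."""
    policy = json.loads(json.loads(get_bucket_policy_json)["Policy"])
    found = {"wrong_algorithm": False, "missing_header": False}
    for stmt in _as_list(policy.get("Statement", [])):
        if not _denies_put_object(stmt):
            continue
        cond = stmt.get("Condition", {})
        if SSE_KEY in cond.get("StringNotEquals", {}):
            found["wrong_algorithm"] = True
        if str(cond.get("Null", {}).get(SSE_KEY, "")).lower() == "true":
            found["missing_header"] = True
    return found

def requires_encrypted_upload(get_bucket_policy_json):
    """True only when both deny statements are present."""
    return all(encryption_controls(get_bucket_policy_json).values())

def versioning_enabled(get_bucket_versioning_json):
    """True only for Status == Enabled; Suspended or no Status at all is not enabled."""
    return json.loads(get_bucket_versioning_json or "{}").get("Status") == "Enabled"

if __name__ == "__main__":
    for label, sample in (("complete", SAMPLE_POLICY_COMPLETE), ("weak", SAMPLE_POLICY_WEAK)):
        print(label, "policy:", encryption_controls(sample), "-> enforced:", requires_encrypted_upload(sample))
    for sample in (SAMPLE_VERSIONING_ENABLED, SAMPLE_VERSIONING_SUSPENDED, SAMPLE_VERSIONING_NEVER_SET):
        print("versioning", repr(sample), "-> enabled:", versioning_enabled(sample))
```

Against a real bucket, pipe the output of `aws s3api get-bucket-policy --bucket <NAME-OF-THE-BUCKET>` into `requires_encrypted_upload` and the output of `aws s3api get-bucket-versioning --bucket <NAME-OF-THE-BUCKET>` into `versioning_enabled`. The check deliberately insists on both deny statements: a policy that only compares the algorithm says nothing about a request that omits the header altogether.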
To tear the environment down, first suspend versioning on the bucket:

```bash
aws cloudformation deploy \
  --stack-name <NAME-OF-THE-STACK> \
  --template-file 3-update-cfn-stack-add-s3-bucket-versioning.yml \
  --parameter-overrides BucketVersioning=Suspended \
  --tags "Purpose=Test" \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
Then delete the stack:

```bash
aws cloudformation delete-stack \
  --stack-name <NAME-OF-THE-STACK> \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
NOTE: CloudFormation cannot delete a bucket that still contains objects or object versions, so if the `delete-stack` above fails for any reason, use the AWS CLI steps below to clean up manually.

First check the bucket's versioning state; if versioning was ever enabled, the remaining object versions have to be deleted explicitly:

```bash
aws s3api get-bucket-versioning --bucket <NAME-OF-THE-BUCKET> \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
Remove all current objects:

```bash
aws s3 rm s3://<NAME-OF-THE-BUCKET> --recursive \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
If versioning was enabled, also remove every remaining object version. Note that the inner `list-object-versions` call needs the same profile and region as the outer command, that this one-liner fails with a null `Objects` list when no versions are left, and that it does not remove delete markers:

```bash
aws s3api delete-objects --bucket <NAME-OF-THE-BUCKET> \
  --delete "$(aws s3api list-object-versions \
    --bucket "<NAME-OF-THE-BUCKET>" \
    --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
    --region <REGION-FOR-AWS-S3-BUCKET> \
    --output=json \
    --query='{Objects: Versions[].{Key:Key,VersionId:VersionId}}')" \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
Finally, delete the now-empty bucket:

```bash
aws s3 rb s3://<NAME-OF-THE-BUCKET> \
  --profile <OPTIONAL-Only-if-AWS-Profile-Exists> \
  --region <REGION-FOR-AWS-S3-BUCKET>
```
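The one-line `--query` in the `delete-objects` step above only lists object versions, so the delete markers that `aws s3 rm` leaves behind in a versioned bucket survive and `aws s3 rb` still refuses to remove the bucket; on a bucket with no versions left the query produces a null `Objects` list, which `delete-objects` rejects. The added example below (not part of this repository) builds the `--delete` payload from the full `list-object-versions` output instead, covering both object versions and delete markers, splitting the keys into batches of 1000 (the per-request limit of `delete-objects`), and reporting when there is nothing left to delete. Its sample input is constructed.

```python
"""Build the --delete payload for `aws s3api delete-objects` from the JSON that
`aws s3api list-object-versions --output json` prints.  Includes delete markers
as well as object versions, splits into batches of at most 1000 keys, and
returns nothing when the bucket has no versions left.  Sample input is
constructed."""
import json
import sys

# Constructed sample: a versioned bucket holding two versions of one key and a
# delete marker for another key, in the shape list-object-versions prints.
SAMPLE_LIST_OUTPUT = json.dumps({
    "Versions": [
        {"Key": "report.txt", "VersionId": "v2-constructed", "IsLatest": True, "Size": 12},
        {"Key": "report.txt", "VersionId": "v1-constructed", "IsLatest": False, "Size": 10},
    ],
    "DeleteMarkers": [
        {"Key": "old.txt", "VersionId": "dm-constructed", "IsLatest": True},
    ],
})
# An empty versioned bucket yields no Versions/DeleteMarkers keys; the CLI may
# print `{}` or nothing at all, so both forms are handled below.
SAMPLE_EMPTY_OUTPUT = "{}"

DELETE_OBJECTS_MAX_KEYS = 1000  # documented per-request limit of delete-objects

def delete_payload(list_output_json):
    """Return the dict for --delete, or None when the bucket has no versions left."""
    listing = json.loads(list_output_json) if list_output_json.strip() else {}
    objects = [
        {"Key": item["Key"], "VersionId": item["VersionId"]}
        for section in ("Versions", "DeleteMarkers")
        for item in listing.get(section) or []
    ]
    if not objects:
        return None
    # Quiet mode keeps the delete-objects response to errors only.
    return {"Objects": objects, "Quiet": True}

def delete_batches(list_output_json, batch_size=DELETE_OBJECTS_MAX_KEYS):
    """Split the payload into chunks of at most batch_size keys, one per delete-objects call."""
    payload = delete_payload(list_output_json)
    if payload is None:
        return []
    objs = payload["Objects"]
    return [{"Objects": objs[i:i + batch_size], "Quiet": True}
            for i in range(0, len(objs), batch_size)]

if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   aws s3api list-object-versions --bucket <NAME-OF-THE-BUCKET> --output json \
    #     | python3 build_delete_payload.py
    # prints one JSON payload per line, each suitable for `--delete "$LINE"`.
    batches = delete_batches(sys.stdin.read())
    if not batches:
        print("nothing left to delete", file=sys.stderr)
    for batch in batches:
        print(json.dumps(batch))
```

Each printed line is one complete `--delete` argument; loop over the lines and pass each to `aws s3api delete-objects --bucket <NAME-OF-THE-BUCKET> --delete "$LINE"` with the same `--profile` and `--region` as the rest of the cleanup, then rerun `list-object-versions` to confirm it prints nothing before calling `aws s3 rb`.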