在我们公司，有这样一个流程：我们需要编写一个 JSON 文件，然后提交并将代码推送到 gitBucket。代码推送到我们的分支后，另一个与 AWS 连接的工具会创建我们在 JSON 文件中指定的 S3 存储桶。启动该流程时出现以下错误：
1) S3 bucket policy should adhere to the least privilege principal
2) S3 bucket should have versioning enabled
这是示例 JSON 文件：
{
"Description": "Cloud formation template for creating Sample data buckets in S3",
"outputs":{
"sampleDataBucketName":{
"Description": "sample data model",
"value":{
"Ref":"sampleDataBucket"
}
},
"sampleDataBucketPolicy":{
"Description": "sample data model",
"value":{
"Ref":"sampleDataBucketPolicy"
}
}
},
"Resources":{
"sampleDataBucket":{
"Properties":{
"BucketName":{
"Fn:Join":[
"",
[
{
"Ref": "account"
},
"-",
{
"Ref": "AWS::Region"
},
"-sample-",
{
"Ref": "BucketRegion"
},
"-data-sample-"
]
]
}
}
},
"LoggingConfiguration":{
"DestinationBucketName":{
"Fn:Join":[
"",
[
"sample-s3-access-logs",
{
"Ref": "account"
},
"-",
{
"Ref": "AWS::Region"
}
]
]
},
"LogFilePrefix":{
"Fn:Join":[
"",
[
{
"Fn:Join":[
"",
[
{
"Ref": "account"
},
"-",
{
"Ref": "AWS::Region"
},
"-sample-",
{
"Ref": "BucketRegion"
},
"-data-sample-"
]
]
},
"/"
]
]
},
"Type":"AWS::S3:Bucket"
},
"sampleDataBucketPolicy":{
"Properties":{
"Bucket":{
"Ref":"SampleDataBucket"
},
"PolicyDocument":{
"Statements":[
{
"Action":"s3:putObject",
"Condition":{
"NULL":{
"s3:x-amz-server-side-encryption":"true"
}
},
"Effect":"Deny",
"Principal":"",
"Resource":{
"Fn:Join":[
"",
[
"arn:aws:s3:::",
{
"Ref":"sampleDataBucket"
},
"/"
]
]
},
"Sid":"DenyOnEncryptedObjectUploads"
},
{
"Action":"s3:*",
"Condition":{
"Bool":{
"aws:SecureTransport":"false"
}
},
"Effect":"Deny",
"Principal":"",
"Resource":{
"Fn::Join":[
"",
[
"arn:aws:s3:::",
{
"Ref":"SampleDataBucket"
},
"/"
]
]
},
"Sid": "EnforceSSL"
}
],
"Version":"2012-10-17"
}
},
"Type":"AWS::S3::BucketPolicy"
}
}
}