我在找一个 CloudFormation 模板,用于在同一账户内的两个存储桶之间配置 S3 存储桶复制。后来我自己写出了一个,因此在这里自行回答,供有同样需求的人参考。
答案 0 :(得分:0)
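下面是一个 CloudFormation 模板:它创建源存储桶并启用版本控制,在其上配置复制规则,并创建复制所需的 IAM 角色。注意两点:其一,模板本身不创建目标存储桶,只在 IAM 策略和复制规则中引用 destinationBucketName;S3 复制要求目标存储桶已经存在并启用了版本控制。其二,BucketRole 引用了条件 IsProdSourceBucket,但模板中没有 Conditions 段,按原样部署前需要补上该条件的定义或删除这一行。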
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Create bucket and setup replication",
"Parameters": {
"sourceBucketName": {
"Description": "Name for the source bucket",
"Type": "String"
},
"destinationBucketName": {
"Description": "Name for the destination bucket",
"Type": "String"
}
},
"Resources": {
"BucketRole": {
"Type": "AWS::IAM::Role",
"Condition": "IsProdSourceBucket",
"Properties": {
"Path": "/",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Principal": {"Service": ["s3.amazonaws.com"]},
"Action": ["sts:AssumeRole"],
"Effect": "Allow"
}
]
},
"Policies": [
{
"PolicyName": "bucket-replication-permissions",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionAcl"
],
"Resource": [
{"Fn::Sub": "arn:aws:s3:::${sourceBucketName}/*"}
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetReplicationConfiguration"
],
"Resource": [
{"Fn::Sub": "arn:aws:s3:::${sourceBucketName}"}
]
},
{
"Effect": "Allow",
"Action": [
"s3:ReplicateObject",
"s3:ReplicateDelete",
"s3:ReplicateTags",
"s3:GetObjectVersionTagging"
],
"Resource": {"Fn::Sub": "arn:aws:s3:::${destinationBucketName}/*"}
}
]
}
}
]
}
},
"BucketConfiguration": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain",
"Properties": {
"BucketName": {"Ref": "sourceBucketName"},
"VersioningConfiguration": {
"Status": "Enabled"
},
"ReplicationConfiguration": {
"Role" : { "Fn::GetAtt" : [ "BucketRole", "Arn" ] },
"Rules" : [{
"Destination" : {"Bucket": {"Fn::Sub": "arn:aws:s3:::${destinationBucketName}"}},
"Prefix" : "",
"Status" : "Enabled"
}]
}
}
}
},
"Outputs": {
"BucketConfiguration": {
"Description": "Name of the source bucket (Optimizer configuration files).",
"Value": {"Ref": "BucketConfiguration"},
"Export": {"Name": "BucketConfiguration"}
},
"BucketConfigurationARN": {
"Description": "ARN of the source bucket (Optimizer configuration files).",
"Value": {"Fn::GetAtt": ["BucketConfiguration", "Arn"]},
"Export": {"Name": "BucketConfigurationARN"}
}
}
}
参考文献:
https://docs.aws.amazon.com/AmazonS3/latest/dev/crr-walkthrough1.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html