From a2ef07ce18eac3c4a936b5042d9ae243c5aba099 Mon Sep 17 00:00:00 2001 From: Troy Ameigh <55170274+troy-ameigh@users.noreply.github.com> Date: Fri, 8 Sep 2023 12:05:10 -0500 Subject: [PATCH 1/3] Added Bucket Versioning Configuration. --- templates/git2s3.template.yaml | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/templates/git2s3.template.yaml b/templates/git2s3.template.yaml index 2272c65..a13ddab 100644 --- a/templates/git2s3.template.yaml +++ b/templates/git2s3.template.yaml @@ -140,6 +140,8 @@ Resources: Type: AWS::S3::Bucket Properties: Tags: [] + VersioningConfiguration: + Status: Enabled CopyZips: Type: AWS::CloudFormation::CustomResource @@ -261,6 +263,8 @@ Resources: Type: AWS::S3::Bucket Properties: Tags: [] + VersioningConfiguration: + Status: Enabled OutputBucket: Type: AWS::S3::Bucket @@ -276,7 +280,7 @@ Resources: KMSKey: Type: AWS::KMS::Key Properties: - Description: AWS KWS key to encrypt and decrypt SSH keys stored in S3. + Description: AWS KWS key to encrypt and decrypt SSH keys stored in S3. KeyPolicy: Version: '2012-10-17' Statement: @@ -336,7 +340,7 @@ Resources: Condition: Bool: kms:GrantIsForAWSResource: true - + CreateSSHKeyRole: Type: AWS::IAM::Role Properties: @@ -383,7 +387,7 @@ Resources: - logs:PutLogEvents Resource: - arn:aws:logs:*:*:* - + CreateSSHKeyLambda: DependsOn: CopyZips Type: AWS::Lambda::Function @@ -396,7 +400,7 @@ Resources: Code: S3Bucket: !Ref 'LambdaZipsBucket' S3Key: !Sub '${QSS3KeyPrefix}functions/packages/CreateSSHKey/lambda.zip' - + CreateSSHKey: Type: AWS::CloudFormation::CustomResource Version: '1.0' @@ -405,7 +409,7 @@ Resources: KeyBucket: !Ref 'KeyBucket' Region: !Ref 'AWS::Region' KMSKey: !Ref 'KMSKey' - + DeleteBucketContentsRole: Type: AWS::IAM::Role Properties: @@ -451,7 +455,7 @@ Resources: - logs:PutLogEvents Resource: - arn:aws:logs:*:*:* - + DeleteBucketContentsLambda: DependsOn: CopyZips Type: AWS::Lambda::Function 
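Review bot: Enabling versioning on the two AWS::S3::Bucket resources at -140 and -261 changes what "emptying" them means: deleting an object now only adds a delete marker, and every earlier version stays, so the DeleteBucketContents custom resource referenced later in this patch must list and delete object versions and delete markers (not just current keys) or stack deletion will fail with a non-empty bucket; the Lambda code is not in this diff, so please confirm it handles versions. The same applies to the -261 hunk, which adds the identical two lines. Versioning also means superseded objects accumulate indefinitely unless a lifecycle rule bounds them, which matters if either bucket holds the encrypted SSH key material the KMS key description mentions; a `LifecycleConfiguration` with `NoncurrentVersionExpiration` keeps the benefit of versioning without unbounded retention. The third bucket (OutputBucket, defined right after -261) is left unversioned; if that is intentional, a short comment on it would stop the next reader from treating it as an omission.

```yaml
    Properties:
      Tags: []
      VersioningConfiguration:
        Status: Enabled
      # Retain superseded versions only briefly; 30 is a constructed sample, set per retention policy
      LifecycleConfiguration:
        Rules:
          - Id: expire-noncurrent-versions
            Status: Enabled
            NoncurrentVersionExpiration:
              NoncurrentDays: 30
```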
@@ -464,7 +468,7 @@ Resources: Code: S3Bucket: !Ref 'LambdaZipsBucket' S3Key: !Sub '${QSS3KeyPrefix}functions/packages/DeleteBucketContents/lambda.zip' - + DeleteBucketContents: Type: AWS::CloudFormation::CustomResource Version: '1.0' @@ -484,13 +488,13 @@ Resources: Statement: - Effect: "Allow" Principal: - Service: "codebuild.amazonaws.com" - Action: + Service: "codebuild.amazonaws.com" + Action: - "sts:AssumeRole" Path: "/" ManagedPolicyArns: - !Ref CodeBuildEndpointPolicy - Tags: + Tags: - Key: 'tagging-policy' Value: !Join ['-', ["test", "ok"]] @@ -500,13 +504,13 @@ Resources: Properties: Description: Policy with base permissions for CodeBuild. Path: / - Roles: + Roles: - !Ref CodeBuildServiceRole PolicyDocument: Version: 2012-10-17 Statement: - Effect: "Allow" - Action: + Action: - "logs:CreateLogGroup" - "logs:PutLogEvents" - "logs:CreateLogStream" @@ -680,7 +684,7 @@ Resources: - mv ./enc_key.pem ~/.ssh/id_rsa - ls ~/.ssh/ - echo "Setting SSH config profile" - - | + - | cat > ~/.ssh/config < Date: Fri, 8 Sep 2023 12:22:46 -0500 Subject: [PATCH 2/3] Fixed linting issues --- templates/git2s3.template.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/templates/git2s3.template.yaml b/templates/git2s3.template.yaml index a13ddab..9f532ea 100644 --- a/templates/git2s3.template.yaml +++ b/templates/git2s3.template.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: '2010-09-09' +AWSTemplateFormatVersion: '2010-09-09'F Description: Git webhooks to clone and store a Git repository in S3. Used to integrate Git services with AWS services like AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy. (qs-1nfhrd9bh) Metadata: @@ -166,7 +166,7 @@ Resources: Service: lambda.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole + - Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Path: / Policies: - PolicyName: lambda-copier 
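Review bot: The new `ManagedPolicyArns` entry in the -166 hunk of the "Fixed linting issues" patch is malformed: `- Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole` is missing the `!` tag and the closing quote, so YAML reads it as a plain string beginning with the word `Sub`, CloudFormation performs no substitution, and the role (the one carrying the `lambda-copier` policy; its name is above the hunk) would reference a non-existent managed policy ARN and fail to create. It should read `- !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'`, matching the quoted `!Sub` form used for the S3 resource in the next hunk. The third patch in this series fixes only the stray `F` on the `AWSTemplateFormatVersion` line and does not touch this entry.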
@@ -184,7 +184,7 @@ Resources: - s3:PutObject - s3:DeleteObject Resource: - - !Sub 'arn:aws:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*' + - !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*' - Effect: Allow Action: - s3:* @@ -281,6 +281,7 @@ Resources: Type: AWS::KMS::Key Properties: Description: AWS KWS key to encrypt and decrypt SSH keys stored in S3. + EnableKeyRotation: true KeyPolicy: Version: '2012-10-17' Statement: @@ -386,7 +387,7 @@ Resources: - logs:CreateLogStream - logs:PutLogEvents Resource: - - arn:aws:logs:*:*:* + - !Sub arn:${AWS::Partition}:logs:*:*:* CreateSSHKeyLambda: DependsOn: CopyZips From 25294690878aa3f53d64c36696cd2e28ffd90afb Mon Sep 17 00:00:00 2001 From: Troy Ameigh <55170274+troy-ameigh@users.noreply.github.com> Date: Fri, 8 Sep 2023 12:30:14 -0500 Subject: [PATCH 3/3] typo fixed --- templates/git2s3.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/git2s3.template.yaml b/templates/git2s3.template.yaml index 9f532ea..35594de 100644 --- a/templates/git2s3.template.yaml +++ b/templates/git2s3.template.yaml @@ -1,4 +1,4 @@ -AWSTemplateFormatVersion: '2010-09-09'F +AWSTemplateFormatVersion: '2010-09-09' Description: Git webhooks to clone and store a Git repository in S3. Used to integrate Git services with AWS services like AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy. (qs-1nfhrd9bh) Metadata:
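Review bot: The KMSKey description the -281 hunk adds `EnableKeyRotation: true` beneath still carries a typo that none of the three patches fixes: `Description: AWS KWS key to encrypt and decrypt SSH keys stored in S3.` should be `Description: AWS KMS key to encrypt and decrypt SSH keys stored in S3.`, since this string is what operators see in the console. Enabling rotation is a sound change on its own. The `KeyPolicy` statements sit outside the hunk, so I cannot see them; if any principal or resource there is written with a literal `arn:aws:` prefix, it needs the same `${AWS::Partition}` treatment this patch applies elsewhere, otherwise the key policy remains partition-specific while the rest of the template is not.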
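Review bot: The partition-agnostic change in the -386 hunk reaches only this role's CloudWatch Logs statement; the identical literal `- arn:aws:logs:*:*:*` in the DeleteBucketContentsRole policy (visible as context at -451/+455 in the first patch of this series) is not updated, so the template still hard-codes the `aws` partition in at least one place and should get `- !Sub 'arn:${AWS::Partition}:logs:*:*:*'` as well. As a point of style, this hunk's `!Sub arn:${AWS::Partition}:logs:*:*:*` is the only unquoted `!Sub` in the series, while the S3 and IAM ARNs it sits next to are single-quoted; quoting it the same way keeps the `${...}` and `*` characters from ever being re-interpreted by a YAML tool and reads consistently.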