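---
# CloudFormation template: one private, encrypted S3 bucket for Forgejo and a
# managed IAM policy whose permissions are scoped to that bucket only.
AWSTemplateFormatVersion: "2010-09-09"

Resources:
  # Managed policy granting list access on the bucket and object access on
  # its contents. Nothing outside S3BucketForgejo is referenced.
  IAMManagedPolicyForgejoS3Access:
    Type: "AWS::IAM::ManagedPolicy"
    DeletionPolicy: "Delete"
    UpdateReplacePolicy: "Delete"
    Properties:
      ManagedPolicyName: "ForgejoS3AccessPolicy"
      Path: "/"
      # NOTE(review): Description is a replacement-only property; combined
      # with the fixed ManagedPolicyName above, editing it later would force
      # a replacement that CloudFormation cannot perform in place.
      Description: ""
      # No group, role or user is attached in this template, so the policy
      # grants nothing until it is attached to a principal elsewhere.
      # TODO confirm where the attachment happens and that it is a role.
      Groups: []
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Bucket-level actions: the resource is the bucket ARN itself.
          - Sid: "ListBucket"
            Effect: "Allow"
            Action:
              - "s3:ListBucket"
              - "s3:ListBucketMultipartUploads"
            Resource: !GetAtt S3BucketForgejo.Arn
          # Object-level actions: the resource is "<bucket ARN>/*".
          # Despite the Sid, this statement also grants reads (s3:GetObject).
          - Sid: "ObjectWriting"
            Effect: "Allow"
            Action:
              - "s3:GetObject"
              - "s3:PutObject"
              - "s3:DeleteObject"
              - "s3:AbortMultipartUpload"
            Resource: !Sub "${S3BucketForgejo.Arn}/*"

  # Storage bucket. Public access is blocked on all four switches, ACLs are
  # disabled (BucketOwnerEnforced) and objects are encrypted at rest with
  # SSE-S3.
  S3BucketForgejo:
    Type: "AWS::S3::Bucket"
    DeletionPolicy: "Retain"
    # Added: DeletionPolicy alone covers stack or resource deletion only.
    # Without this attribute, an update that replaces the bucket would still
    # try to delete the old one.
    UpdateReplacePolicy: "Retain"
    Properties:
      BucketName: !Sub "forgejo-c4ee2e40-49f0-4487-be94-872b10dc3e46-${AWS::Region}"
      AbacStatus: "Disabled"
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      OwnershipControls:
        Rules:
          - ObjectOwnership: "BucketOwnerEnforced"
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - BucketKeyEnabled: true
            ServerSideEncryptionByDefault:
              SSEAlgorithm: "AES256"
      # NOTE(review): no VersioningConfiguration is set, and the policy above
      # allows s3:DeleteObject and overwriting via s3:PutObject, so objects
      # removed or replaced with those credentials cannot be restored from
      # the bucket. No bucket policy in this template requires TLS
      # (aws:SecureTransport) either. Confirm both are handled elsewhere or
      # accepted.
      Tags:
        - Key: "Project"
          Value: "Git-server"

Outputs:
  # Export names are prefixed with the stack name, so they stay unique per
  # stack within a region.
  ForgejoS3BucketName:
    Value: !Ref S3BucketForgejo
    Export:
      Name: !Sub "${AWS::StackName}-BucketName"

  ForgejoS3BucketArn:
    Value: !GetAtt S3BucketForgejo.Arn
    Export:
      Name: !Sub "${AWS::StackName}-BucketArn"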