After creating an S3 bucket and setting its bucket policy with CloudFormation, I changed the bucket policy manually and then restored it with CloudFormation.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::<AWSアカウントID>:root",
          "arn:aws:iam::<AWSアカウントID>:root",
          "arn:aws:iam::<AWSアカウントID>:root",
          "arn:aws:iam::<AWSアカウントID>:root"
        ]
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectTagging"
      ],
      "Resource": [
        "arn:aws:s3:::az-test-20190318-6",
        "arn:aws:s3:::az-test-20190318-6/*"
      ]
    }
  ]
}
- Manually run the following CloudFormation template to restore the bucket policy.
AWSTemplateFormatVersion: '2010-09-09'
Description: This CloudFormation template to create S3 Bucket
Parameters:
  # Name of the bucket whose policy this stack manages
  S3BucketName:
    Description: Type of this BucketName.
    Type: String
Resources:
  S3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Sub ${S3BucketName}
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Allow only s3:GetObject on the bucket's objects,
          # and only for the root principal of the stack's own account
          -
            Action:
              - "s3:GetObject"
            Effect: "Allow"
            Resource:
              Fn::Join:
                - ""
                -
                  - "arn:aws:s3:::"
                  -
                    !Sub ${S3BucketName}
                  - "/*"
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  -
                    - "arn:aws:iam::"
                    - Ref: "AWS::AccountId"
                    - ":root"
Outputs:
  S3BucketName:
    Value: !Sub ${S3BucketName}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<AWSアカウントID>:root"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::az-test-20190318-6/*"
    }
  ]
}
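
The difference between the manually edited policy and the one the template defines can also be checked mechanically. The following is an added example, not code from the original post: it expands both policy documents shown above into individual grants and lists everything the live policy allows that the template does not. The account IDs are constructed placeholders (the post redacts the real ones), the helper names are hypothetical, and the comparison is literal: it covers `Allow` statements only and does not evaluate wildcards or `NotAction`/`NotPrincipal`/`NotResource`.

```python
import json

def _as_set(value):
    """Policy fields may be a string or a list; treat both as a set."""
    if value is None:
        return frozenset()
    return frozenset([value] if isinstance(value, str) else value)

def grants(policy):
    """Expand Allow statements into (principal, action, resource, condition) tuples."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    out = set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*"
            principal = {"*": principal}
        cond = json.dumps(st.get("Condition", {}), sort_keys=True)
        for kind, values in principal.items():
            for p in _as_set(values):
                for a in _as_set(st.get("Action")):
                    for r in _as_set(st.get("Resource")):
                        out.add((f"{kind}:{p}", a, r, cond))
    return out

def drift(expected, actual):
    """Grants in the live policy that the template does not define."""
    return sorted(grants(actual) - grants(expected))

BUCKET = "arn:aws:s3:::az-test-20190318-6"
ROOT = "arn:aws:iam::{}:root"
# Constructed account IDs; the post redacts the real ones.
EXPECTED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": ROOT.format("111111111111")},
    "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}
ACTUAL = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": [ROOT.format(a) for a in
                          ("111111111111", "222222222222", "333333333333", "444444444444")]},
    "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectTagging"],
    "Resource": [BUCKET, BUCKET + "/*"]}]}

if __name__ == "__main__":
    for principal, action, resource, _ in drift(EXPECTED, ACTUAL):
        print(f"not in template: {principal} {action} {resource}")
```

In practice `ACTUAL` would be the JSON returned by `aws s3api get-bucket-policy` for the bucket, and `EXPECTED` the policy document rendered from the template.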