Creating a custom S3 bucket policy with Serverless Framework

A complete serverless.yml for the setup: the framework creates the bucket (provider.s3) and wires its events to the function, the function role gets narrow access to that one bucket, and a separate AWS::S3::BucketPolicy grants two other accounts plus the deploying account access to the same bucket.

service:
  name: myService

# frameworkVersion is a top-level key, not a provider setting
frameworkVersion: '1.70.0'

custom:
  s3:
    bucket: myBucket

plugins: []

provider:
  name: aws
  runtime: nodejs12.x
  region: ${opt:region, 'us-east-1'}
  iamRoleStatements:
    # Object-level permissions for the function role
    - Effect: Allow
      Action:
        - s3:GetObject
        - s3:DeleteObject
      Resource:
        # Build the ARN from the bucket name instead of !GetAtt S3BucketTheBucket.Arn.
        # Referencing the bucket resource here makes the role depend on the bucket,
        # while the bucket's notification configuration depends on the function,
        # which depends on the role: CloudFormation rejects that as
        # "Circular dependency between resources". Since ${self:...} is resolved
        # before deployment, the plain string form used under `resources` below
        # (arn:aws:s3:::${self:custom.s3.bucket}/*) works just as well.
        - Fn::Join:
            - ''
            - - 'arn:aws:s3:::'
              - ${self:custom.s3.bucket}
              - '/*'
    # Bucket-level permission: s3:ListBucket is the IAM action behind
    # ListObjects/ListObjectsV2 (there is no s3:ListObjects action)
    - Effect: Allow
      Action:
        - s3:ListBucket
      Resource:
        - Fn::Join:
            - ':'
            - - 'arn:aws:s3::'
              - ${self:custom.s3.bucket}
  # Custom bucket configuration: the framework creates this bucket itself, with the
  # logical ID S3BucketTheBucket, see
  # https://www.serverless.com/framework/docs/providers/aws/events/s3#custom-bucket-configuration
  s3:
    theBucket:
      name: ${self:custom.s3.bucket}

functions:
  s3ToSftp:
    timeout: 300
    memorySize: 1024
    handler: src/handler.main
    events:
      - s3:
          bucket: theBucket   # the key under provider.s3, not the bucket name

resources:
  Resources:
    BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        # Logical ID the framework assigns to the provider.s3 bucket "theBucket"
        Bucket: !Ref S3BucketTheBucket
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - s3:ListBucket
                - s3:GetBucketVersioning
                - s3:GetBucketLocation
                - s3:GetObject
                - s3:GetObjectVersion
                - s3:GetObjectAcl
                - s3:PutObject
                # Lets the other accounts change object ACLs (including making
                # objects public if Block Public Access is off); drop it unless
                # it is actually needed.
                - s3:PutObjectAcl
              Resource:
                - arn:aws:s3:::${self:custom.s3.bucket}/*
                - arn:aws:s3:::${self:custom.s3.bucket}
              Principal:
                AWS:
                  # Placeholder account IDs. Granting the account root delegates
                  # to that account's own IAM policies, so any of its principals
                  # they allow gets this access. Objects they upload stay owned
                  # by them unless the bucket sets ObjectOwnership to
                  # BucketOwnerEnforced (or they upload with a
                  # bucket-owner-full-control ACL).
                  - arn:aws:iam::123456789012:root
                  - arn:aws:iam::123456789013:root
                  # The deploying account. Fn::Join rather than !Sub, because
                  # ${AWS::AccountId} would be picked up by the Serverless
                  # variable syntax.
                  - Fn::Join:
                      - ':'
                      - - 'arn:aws:iam:'
                        - !Ref 'AWS::AccountId'
                        - 'root'
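
The following Python script is an added example, not code from the article. It evaluates the Fn::Join, Ref and ${self:...} constructs used above with a minimal stand-in resolver (the real framework and CloudFormation do far more), confirms that the two ARNs the role statements build come out as arn:aws:s3:::myBucket/* and arn:aws:s3:::myBucket, and then audits the bucket policy for write or ACL actions granted to accounts other than the deploying one, or to everyone. The deploying account ID 111111111111 is a constructed stand-in for what Ref AWS::AccountId resolves to; 123456789012 and 123456789013 are the article's own placeholder principals.

```python
"""Resolve the intrinsics from the serverless.yml above and audit the bucket
policy for cross-account write grants. Added example, not the article's code."""
import re

# Constructed inputs: the Serverless variable and pseudo-parameter values.
SELF_VARS = {"self:custom.s3.bucket": "myBucket"}
PSEUDO_PARAMS = {"AWS::AccountId": "111111111111"}  # stand-in deploying account
OWN_ACCOUNT = PSEUDO_PARAMS["AWS::AccountId"]

_VAR_RE = re.compile(r"\$\{([^}]+)\}")
_ACCOUNT_RE = re.compile(r"^arn:aws:iam::(\d{12}):")

# Actions that let a principal change bucket contents, ACLs or the policy itself.
WRITE_ACTIONS = {
    "s3:putobject", "s3:putobjectacl", "s3:deleteobject",
    "s3:deleteobjectversion", "s3:putbucketacl", "s3:putbucketpolicy",
}


def resolve(node):
    """Evaluate ${self:...} variables, Ref and Fn::Join (only the constructs
    used in the article), returning plain strings, lists and dicts."""
    if isinstance(node, str):
        return _VAR_RE.sub(lambda m: SELF_VARS[m.group(1)], node)
    if isinstance(node, list):
        return [resolve(n) for n in node]
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            return PSEUDO_PARAMS[node["Ref"]]
        if set(node) == {"Fn::Join"}:
            delimiter, parts = node["Fn::Join"]
            return delimiter.join(resolve(p) for p in parts)
        return {k: resolve(v) for k, v in node.items()}
    return node


# The two ARNs the article's iamRoleStatements build with Fn::Join.
LAMBDA_OBJECT_ARN = {"Fn::Join": ["", ["arn:aws:s3:::", "${self:custom.s3.bucket}", "/*"]]}
LAMBDA_BUCKET_ARN = {"Fn::Join": [":", ["arn:aws:s3::", "${self:custom.s3.bucket}"]]}

# The article's BucketPolicy PolicyDocument as YAML parsing would produce it.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetBucketVersioning", "s3:GetBucketLocation",
                   "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectAcl",
                   "s3:PutObject", "s3:PutObjectAcl"],
        "Resource": ["arn:aws:s3:::${self:custom.s3.bucket}/*",
                     "arn:aws:s3:::${self:custom.s3.bucket}"],
        "Principal": {"AWS": [
            "arn:aws:iam::123456789012:root",
            "arn:aws:iam::123456789013:root",
            {"Fn::Join": [":", ["arn:aws:iam:", {"Ref": "AWS::AccountId"}, "root"]]},
        ]},
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def account_of(principal):
    """12-digit account behind an AWS principal ARN; '*' for the anonymous principal."""
    if principal == "*":
        return "*"
    match = _ACCOUNT_RE.match(principal)
    return match.group(1) if match else principal


def audit(policy, own_account):
    """Return (account, sorted write actions) for every Allow statement that
    grants a write/ACL action, or a wildcard action, to a principal outside
    own_account. An account of '*' means the grant is public."""
    findings = []
    for stmt in resolve(policy)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else _as_list(principal)
        actions = {a.lower() for a in _as_list(stmt["Action"])}
        writes = sorted(a for a in actions if a in WRITE_ACTIONS or a.endswith("*"))
        for p in aws:
            account = account_of(p)
            if account != own_account and writes:
                findings.append((account, writes))
    return findings


if __name__ == "__main__":
    print(resolve(LAMBDA_OBJECT_ARN), resolve(LAMBDA_BUCKET_ARN))
    for account, writes in audit(BUCKET_POLICY, OWN_ACCOUNT):
        print(f"external account {account} may {', '.join(writes)}")
```

Run against the policy above, the audit reports both foreign accounts with s3:putobject and s3:putobjectacl; the deploying account's own Fn::Join principal is recognised and skipped. The same function flags a `Principal: "*"` statement as public, which is the first thing to check before a custom bucket policy goes out with the stack.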

Kit Fenderson-Peters
20+ years writing code of various sorts.