AWS CloudFormation is a service that lets you build and manage AWS resources through code instead of manual setup in the console. You create a YAML template that outlines the infrastructure you need, such as a secure S3 bucket, and CloudFormation automatically provisions everything for you. This follows the principles of Infrastructure as Code (IaC), ensuring your cloud environment is deployed securely and automatically.
This project explains how to deploy a CloudFormation template using the AWS CLI to create a secure Amazon S3 bucket. The bucket is configured to block all public access and uses AES-256 server-side encryption to protect stored data.
Ensure you have:
- An AWS account
- AWS CLI installed on your operating system
- AWS CLI configured (run the command aws configure in your OS terminal and enter your credentials)
Create a new YAML file called secure-s3-bucket.yml and paste the following into it:
```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Secure S3 Bucket Example
Resources:
  SecureBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-secure-bucket-atand-2026-v1
      # Block all public access to the bucket
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Encrypt stored objects by default with AES-256 server-side encryption
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
```

Run this in your Windows terminal:
```
aws cloudformation deploy --template-file secure-s3-bucket.yml --stack-name my-secure-bucket-atand-2026-v1 --capabilities CAPABILITY_NAMED_IAM
```

Make sure the bucket name is globally unique. If my-secure-bucket-atand-2026-v1 is already taken, change the bucket name in the YAML file. For "--template-file", make sure to specify the correct path where your template file is located on your local system.
Status will update in your terminal as shown below:
You can also verify by going to CloudFormation in the AWS Console to view the stack status:
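The stack status only says that the deployment finished, so the bucket's own settings are worth checking against the template as well. The script below is an added example, not part of the original walkthrough: it compares the JSON returned by `aws s3api get-public-access-block` and `aws s3api get-bucket-encryption` with the four public access block flags and the AES256 default encryption from the template. The function names and the sample responses are assumptions made for illustration.

```python
import json
import subprocess
import sys

# The four settings the template turns on under PublicAccessBlockConfiguration.
REQUIRED_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
                  "IgnorePublicAcls", "RestrictPublicBuckets")

def audit_bucket(pab_response, enc_response):
    """Compare s3api responses with the template; return a list of findings."""
    findings = []
    pab = pab_response.get("PublicAccessBlockConfiguration", {})
    for flag in REQUIRED_FLAGS:
        if pab.get(flag) is not True:
            findings.append(f"{flag} is not enabled")
    rules = enc_response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algorithms = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
                  for r in rules]
    if "AES256" not in algorithms:
        findings.append(f"default encryption is {algorithms or 'not set'}, expected AES256")
    return findings

def s3api(subcommand, bucket):
    """Run `aws s3api <subcommand> --bucket <bucket>` and parse its JSON output.
    A failed call (missing configuration, access denied) returns {} so that
    the audit reports the control as absent instead of passing silently."""
    proc = subprocess.run(["aws", "s3api", subcommand, "--bucket", bucket,
                           "--output", "json"], capture_output=True, text=True)
    return json.loads(proc.stdout) if proc.returncode == 0 and proc.stdout.strip() else {}

# Constructed sample responses (not captured from a real account).
SAMPLE_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}}
SAMPLE_ENC = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
SAMPLE_DRIFTED_PAB = {"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}

if __name__ == "__main__":
    if len(sys.argv) > 1:   # live check: pass the bucket name as the argument
        result = audit_bucket(s3api("get-public-access-block", sys.argv[1]),
                              s3api("get-bucket-encryption", sys.argv[1]))
    else:                   # offline demo on the constructed drifted sample
        result = audit_bucket(SAMPLE_DRIFTED_PAB, {})
    print("\n".join(result) or "bucket matches the template")
    sys.exit(1 if result else 0)
```

Run it with the bucket name as its only argument after the deploy completes; a non-zero exit code means at least one setting differs from the template.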