
Commit 9437bb2

AWS::CloudFormation::Authentication and policy to role so it works with private S3 buckets
1 parent 663b00c commit 9437bb2


1 file changed

+41
-15
lines changed

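--- a/templates/marketplace/dsm-mp.template
+++ b/templates/marketplace/dsm-mp.template
@@ -322,6 +322,20 @@ Resources:
 - !Ref AWS::NoValue
 Path: /
 Policies:
+- PolicyName: aws-quick-start-s3-policy
+PolicyDocument:
+Version: 2012-10-17
+Statement:
+- Action:
+- s3:GetObject
+Resource:
+Fn::Sub:
+- arn:${Partition}:s3:::${QSS3BucketName}/${QSS3KeyPrefix}*
+- Partition:
+Fn::If:
+- GovCloudCondition
+- aws-us-gov
+- aws
 - !If
 - AddToELB
 - PolicyName: DeepSecurityManagerInstancePolicy
@@ -403,6 +417,13 @@ Resources:
 DSM:
 Type: AWS::EC2::Instance
 Metadata:
+AWS::CloudFormation::Authentication:
+S3AcccessCreds:
+type: S3
+roleName:
+Fn::Ref: DSMRole
+buckets:
+Fn::Ref: QSS3BucketName
 AWS::CloudFormation::Init:
 configSets:
 default:
@@ -633,6 +654,7 @@ Resources:
 - s3
 owner: root
 mode: '000700'
+authentication: S3AcccessCreds
 /etc/cfn/kill-mp-web-installer.sh:
 source:
 !Sub
@@ -644,6 +666,7 @@ Resources:
 - s3
 owner: root
 mode: '000700'
+authentication: S3AcccessCreds
 /etc/cfn/add-aws-account-with-instance-role.sh:
 source:
 !Sub
@@ -655,6 +678,7 @@ Resources:
 - s3
 owner: root
 mode: '000700'
+authentication: S3AcccessCreds
 commands:
 5-check-service:
 command:
@@ -692,22 +716,21 @@ Resources:
 10-killWebInstaller:
 command: /etc/cfn/kill-mp-web-installer.sh
 sqlSetup:
+files:
+/etc/cfn/rhel-scripts/create-dsm-db.py:
+source:
+!Sub
+- https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/create-dsm-db.py
+- QSS3Region:
+!If
+- GovCloudCondition
+- s3-us-gov-west-1
+- s3
+owner: root
+mode: '000755'
+authentication: S3AcccessCreds
 commands:
-1-get-create-script:
-command:
-!Join
-- ''
-- - 'cd /etc/cfn/rhel-scripts; curl -O '
-- !Sub
-- https://${QSS3BucketName}.${QSS3Region}.amazonaws.com/${QSS3KeyPrefix}scripts/create-dsm-db.py
-- QSS3Region:
-!If
-- GovCloudCondition
-- s3-us-gov-west-1
-- s3
-- ; chmod 755 create-dsm-db.py
-ignoreErrors: 'false'
-2-create-db:
+1-create-db:
 command:
 !Join
 - ''
@@ -745,6 +768,7 @@ Resources:
 - s3
 owner: root
 mode: '000700'
+authentication: S3AcccessCreds
 /etc/cfn/set-lb-settings.sh:
 source:
 !Sub
@@ -756,6 +780,7 @@ Resources:
 - s3
 owner: root
 mode: '000700'
+authentication: S3AcccessCreds
 commands:
 1-setup-elb-listener:
 command:
@@ -812,6 +837,7 @@ Resources:
 - s3
 owner: root
 mode: '000700'
+authentication: S3AcccessCreds
 commands:
 1-reactivate-manager.sh:
 command: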
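Review bot: The new AWS::CloudFormation::Authentication entry `S3AcccessCreds` spells the intrinsic as `Fn::Ref:` for both `roleName` and `buckets`, whereas the rest of the template uses the `Ref` intrinsic (`!Ref AWS::NoValue` in the first hunk); as far as I can tell `Fn::Ref` is not a documented function name, so template validation is likely to reject it — worth confirming before merging. The documented `buckets` field is a list, so I would write `roleName: !Ref DSMRole` and `buckets: [!Ref QSS3BucketName]` (indentation is not visible in this rendering, so the nesting should be checked in the source). The logical ID is spelled with three c's at every use, so the references resolve, but `S3AccessCreds` would read better and avoid a copy-paste trap for the next file entry. The new `/etc/cfn/rhel-scripts/create-dsm-db.py` entry carries over the old `chmod 755` as `mode: '000755'` while every sibling script in these hunks is `'000700'`; if root is the only caller, `'000700'` is the least-privilege choice and keeps the file entries consistent.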
