2 Answers
1
Hello,
I hope you're doing well!
You are right. KMSMasterKeyID should not be present when the SSEAlgorithm is of AES256 type. So you should check the SSEAlgorithm type, not KMSKeysProvided. Please check the following updated example.
# version: 1.0
AWSTemplateFormatVersion: "2010-09-09"
Description: Create standardized S3 bucket using CloudFormation Template
Parameters:
  BucketName:
    Type: String
    Description: "Name of the S3 bucket"
  KMSKeyArn:
    Type: String
    Description: "KMS Key Arn to encrypt S3 bucket"
    Default: ""
  SSEAlgorithm:
    Type: String
    Description: "Encryption algorithm for KMS"
    AllowedValues:
      - aws:kms
      - AES256
# A template may only have one top-level Conditions block, so both conditions live here.
Conditions:
  # KMSKeysProvided is kept for reference but is not used by the bucket below.
  KMSKeysProvided: !Not [!Equals [!Ref KMSKeyArn, ""]]
  # The encryption rule is chosen on the algorithm, not on whether a key was passed.
  AES256: !Equals [!Ref SSEAlgorithm, "AES256"]
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Ref BucketName
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - !If
            - AES256
            # SSE-S3: no KMS key may be referenced
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: !Ref SSEAlgorithm
              BucketKeyEnabled: true
            # SSE-KMS: the customer key ARN is required
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: !Ref SSEAlgorithm
                KMSMasterKeyID: !Ref KMSKeyArn
              BucketKeyEnabled: true
I hope this is helpful.
answered a year ago
0
The working code:
# version: 1.0
AWSTemplateFormatVersion: "2010-09-09"
Description: Create standardized S3 bucket using CloudFormation Template
Parameters:
  BucketName:
    Type: String
    Description: "Name of the S3 bucket"
  KMSKeyArn:
    Type: String
    Description: "KMS Key Arn to encrypt S3 bucket"
    Default: ""
  SSEAlgorithm:
    Type: String
    Description: "Encryption algorithm for KMS"
    AllowedValues:
      - aws:kms
      - AES256
Conditions:
  AES256: !Equals [!Ref SSEAlgorithm, "AES256"]
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Ref BucketName
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - !If
            - AES256
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: !Ref SSEAlgorithm
              BucketKeyEnabled: true
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: !Ref SSEAlgorithm
                KMSMasterKeyID: !Ref KMSKeyArn
              BucketKeyEnabled: true
answered a year ago
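As an added example, not part of either answer above, the following script resolves the template's `!If` on the AES256 condition offline for a given set of parameter values and then applies the check the first answer describes (no KMSMasterKeyID with AES256), plus the complementary check that aws:kms actually names a key. The dicts are the long-form (Fn::) equivalent of the posted YAML; the key ARN and parameter values passed in are constructed.

```python
# Added example, not from the answers above: evaluate the template's conditional
# encryption rule offline. The dicts are the long-form (Fn::) equivalent of the YAML
# posted on this page; the parameter values passed in are constructed.
AES256_RULE = {
    "ServerSideEncryptionByDefault": {"SSEAlgorithm": {"Ref": "SSEAlgorithm"}},
    "BucketKeyEnabled": True,
}
KMS_RULE = {
    "ServerSideEncryptionByDefault": {
        "SSEAlgorithm": {"Ref": "SSEAlgorithm"},
        "KMSMasterKeyID": {"Ref": "KMSKeyArn"},
    },
    "BucketKeyEnabled": True,
}
CONDITIONS = {"AES256": {"Fn::Equals": [{"Ref": "SSEAlgorithm"}, "AES256"]}}
SSE_CONFIG = [{"Fn::If": ["AES256", AES256_RULE, KMS_RULE]}]

def resolve(node, params, conditions):
    """Evaluate Ref, Fn::Equals and Fn::If recursively (the intrinsics this template uses)."""
    if isinstance(node, dict) and len(node) == 1:
        key, arg = next(iter(node.items()))
        if key == "Ref":
            return params[arg]
        if key == "Fn::Equals":
            left, right = (resolve(x, params, conditions) for x in arg)
            return left == right
        if key == "Fn::If":
            name, if_true, if_false = arg
            branch = if_true if resolve(conditions[name], params, conditions) else if_false
            return resolve(branch, params, conditions)
    if isinstance(node, dict):
        return {k: resolve(v, params, conditions) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, params, conditions) for v in node]
    return node

def encryption_rule(sse_algorithm, kms_key_arn=""):
    """Return the single SSE rule the template yields for these parameter values."""
    params = {"SSEAlgorithm": sse_algorithm, "KMSKeyArn": kms_key_arn}
    return resolve(SSE_CONFIG, params, CONDITIONS)[0]

def check_rule(rule):
    """Defender-side check: AES256 must not carry a key id; aws:kms must name one."""
    default = rule["ServerSideEncryptionByDefault"]
    if default["SSEAlgorithm"] == "AES256" and "KMSMasterKeyID" in default:
        return "KMSMasterKeyID is not allowed with AES256"
    if default["SSEAlgorithm"] == "aws:kms" and not default.get("KMSMasterKeyID"):
        return "aws:kms selected but KMSKeyArn is empty"
    return "ok"
```

Because the working template dropped the KMSKeysProvided condition, passing aws:kms with the default empty KMSKeyArn is not caught by the template itself; the second branch of check_rule flags that case before deployment.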