AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > Stack to update S3 Object ACLs at scale # More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst Globals: Function: Timeout: 20 Resources: S3UpdateAcl: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: S3UpdateAcl Handler: s3updateacl.App::handleRequest Runtime: java11 MemorySize: 512 Environment: # More info about Env Vars: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#environment-object Variables: CanonicalID: !Ref CanonicalID Permission: !Ref Permission Events: S3UpdateAclEvent: Type: S3 Properties: Bucket: !Ref SrcBucket Events: s3:ObjectCreated:* Policies: Statement: Sid: S3UpdateS3ObjectACLPolicy Effect: Allow Action: - s3:GetObject - s3:GetObjectAcl - s3:PutObjectAcl Resource: '*' SrcBucket: Type: AWS::S3::Bucket Parameters: CanonicalID: Type: String AllowedPattern: "[a-zA-Z0-9]{64,96}" Permission: Type: String Default: FULL_CONTROL AllowedValues: - READ_ACP - WRITE_ACP - READ - WRITE - FULL_CONTROL