Parameters:
  App:
    Type: String
    Description: Your application's name.
  Env:
    Type: String
    Description: The environment name your service, job, or workflow is being deployed to.
  Name:
    Type: String
    Description: Your workload's name.
Resources:
  cqlreplicatorBucketAccessPolicy:
    Metadata:
      'aws:copilot:description': 'An IAM managed policy for your service to access the bucket of your environment'
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: !Sub
        - Grants CRUD access to the S3 bucket ${Bucket}
        - Bucket: cqlreplicator
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: S3ObjectActions
            Effect: Allow
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:PutObjectACL
              - s3:PutObjectTagging
              - s3:DeleteObject
              - s3:RestoreObject
            Resource: !Sub
              - ${ BucketARN }/*
              - BucketARN: arn:aws:s3:::cqlreplicator
          - Sid: S3ListAction
            Effect: Allow
            Action: s3:ListBucket
            Resource:
              arn:aws:s3:::cqlreplicator

Outputs:
  cqlreplicatorNameBucketName:
    # Injected as CQLREPLICATOR_NAME_BUCKET_NAME environment variable into your main container.
    Description: "The name of a user-defined bucket."
    Value: cqlreplicator
  cqlreplicatorBucketAccessPolicy:
    Description: "The IAM::ManagedPolicy to attach to the task role"
    Value: !Ref cqlreplicatorBucketAccessPolicy