Parameters:
  App:
    Type: String
    Description: Your application's name.
  Env:
    Type: String
    Description: The name of the environment being deployed.

Resources:
  cqlreplicatorBucket:
    Metadata:
      'aws:copilot:description': 'An Amazon S3 bucket, cql-replicator, for storing and retrieving objects'
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketEncryption:
        ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced

  cqlreplicatorBucketPolicy:
    Metadata:
      'aws:copilot:description': 'A bucket policy to deny unencrypted access to the bucket and its contents'
    Type: AWS::S3::BucketPolicy
    DeletionPolicy: Retain
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: ForceHTTPS
            Effect: Allow
            Principal: '*'
            Action: 's3:*'
            Resource: 
              - arn:aws:s3:::cqlreplicator/*
              - arn:aws:s3:::cqlreplicator
            Condition: 
              Bool:
                "aws:SecureTransport": false
      Bucket: cqlreplicator

Outputs:
  cqlreplicatorName:
    Description: "The name of a user-defined bucket."
    Value: cqlreplicator
    Export:
      Name: cqlreplicator
  cqlreplicatorBucketARN:
    Description: "The ARN of the cql-replicator bucket."
    Value: arn:aws:s3:::cqlreplicator
    Export:
      Name: arn:aws:s3:::cqlreplicator