# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
Description: S3 Bucket for deployment of DRS Configuration Synchronizer Lambda function
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  LambdaDeploymentBucket:
    Type: "AWS::S3::Bucket"
    Properties:
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: DeleteRule
            Status: Enabled
            ExpirationInDays: '90'

  LambdaDeploymentBucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref LambdaDeploymentBucket
      PolicyDocument:
        Version: '2012-10-17'
        Id: SSEAndSSLPolicy
        Statement:
          - Sid: DenyInsecureConnections
            Effect: Deny
            Principal: "*"
            Action: s3:*
            Resource:
              - !Join
                - ''
                - - Fn::GetAtt: [LambdaDeploymentBucket, Arn]
                  - '/*'
            Condition:
              Bool:
                aws:SecureTransport: 'false'
          - Sid: DenyS3PublicObjectACL
            Effect: Deny
            Principal: "*"
            Action: s3:PutObjectAcl
            Resource:
              - !Join
                - ''
                - - Fn::GetAtt: [LambdaDeploymentBucket, Arn]
                  - '/*'
            Condition:
              StringEqualsIgnoreCaseIfExists:
                s3:x-amz-acl:
                  - public-read
                  - public-read-write
                  - authenticated-read
Outputs:
  LambdaDeploymentBucketName:
    Value: !Ref LambdaDeploymentBucket
    Description: "Lambda S3 deployment bucket name for deployment support of DRS Configuration Synchronizer lambda function"
    Export:
      Name: !Sub "drs-configuration-sychronizer-bucket-name"