AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Standard bucket processing with destination bucket.

Parameters:
  SourceBucketName:
    Type: String
  DestinationBucketName:
    Type: String

Resources:
  ## S3 bucket
  SourceBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref SourceBucketName

  DestinationBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref DestinationBucketName

  # Enforce HTTPS only access to S3 bucket
  # Logical IDs must be unique within Resources, so each bucket's policy
  # gets its own ID instead of both being named BucketForImagePolicy.
  SourceBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref SourceBucket
      PolicyDocument:
        Statement:
          # Deny every S3 action on the bucket and its objects over plain HTTP
          - Action: s3:*
            Effect: Deny
            Principal: "*"
            Resource:
              - !Sub "arn:aws:s3:::${SourceBucket}/*"
              - !Sub "arn:aws:s3:::${SourceBucket}"
            Condition:
              Bool:
                aws:SecureTransport: false

  # Enforce HTTPS only access to S3 bucket
  DestinationBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DestinationBucket
      PolicyDocument:
        Statement:
          - Action: s3:*
            Effect: Deny
            Principal: "*"
            Resource:
              - !Sub "arn:aws:s3:::${DestinationBucket}/*"
              - !Sub "arn:aws:s3:::${DestinationBucket}"
            Condition:
              Bool:
                aws:SecureTransport: false

  ## Lambda function
  S3ProcessorFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: app.handler
      # nodejs14.x is a deprecated Lambda runtime; switch to a currently
      # supported Node.js runtime before deploying.
      Runtime: nodejs14.x
      MemorySize: 128
      # Least privilege: read-only on the source bucket, CRUD on the destination only.
      # The policies reference the name parameters rather than the bucket resources
      # to avoid a circular dependency with the S3 event below.
      Policies:
        - S3ReadPolicy:
            BucketName: !Ref SourceBucketName
        - S3CrudPolicy:
            BucketName: !Ref DestinationBucketName
      Environment:
        Variables:
          DestinationBucketName: !Ref DestinationBucketName
      Events:
        FileUpload:
          Type: S3
          Properties:
            Bucket: !Ref SourceBucket
            Events: s3:ObjectCreated:*
            Filter:
              S3Key:
                Rules:
                  - Name: suffix
                    Value: '.txt'

Outputs:
  SourceBucketName:
    Value: !Ref SourceBucketName
    Description: Source bucket
  DestinationBucketName:
    Value: !Ref DestinationBucketName
    Description: Destination bucket
  FunctionArn:
    # !Ref on a function returns its name; GetAtt Arn returns the ARN described here
    Value: !GetAtt S3ProcessorFunction.Arn
    Description: S3ProcessorFunction function ARN