AWSTemplateFormatVersion: 2010-09-09 Resources: S3BadBucket: Type: AWS::S3::Bucket Properties: AccessControl: Private NotificationConfiguration: TopicConfigurations: - Topic: !Sub arn:aws:sns:us-east-1:123456789012:TestTopic Event: s3:ReducedRedundancyLostObject SampleBadBucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: !Ref S3BadBucket PolicyDocument: Statement: - Action: - s3:GetObject Effect: Allow Resource: !Sub arn:aws:s3:::${S3BadBucket} Principal: "*" SampleRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' Path: / SampleBadIAMPolicy1: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - sns:Publish Resource: !Sub arn:${AWS::Partition}:sns:us-east-1:${AWS::AccountId}:TestTopic Roles: - !Ref SampleRole SampleBadIAMPolicy2: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - sns:Publish Resource: - !Sub arn:${AWS::Partition}:sns:us-east-1:${AWS::AccountId}:TestTopic - !Sub arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:TestTopic Roles: - !Ref SampleRole SampleBadIAMPolicy3: Type: AWS::IAM::ManagedPolicy Properties: PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - sns:Publish Resource: - !Sub arn:${AWS::Partition}:sns:${AWS::Partition}:${AWS::AccountId}:TestTopic Roles: - !Ref SampleRole