Description: | This module is used for unit testing the Module directive Parameters: LogBucketName: Type: String RetentionPolicy: Type: String ConditionName: Type: String Resources: ModuleExtension: Metadata: Extends: AWS::S3::Bucket Comment: A bucket that will pass cfn_nag checks cfn_nag: rules_to_suppress: - id: W51 reason: "Will be added by the consumer" DependsOn: - AdditionalResource1 AdditionalResource2 DeletionPolicy: !Ref RetentionPolicy UpdateReplacePolicy: Delete Properties: LoggingConfiguration: DestinationBucketName: !Ref LogBucket BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 PublicAccessBlockConfiguration: BlockPublicAcls: true BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true Tags: - Key: test-tag Value: test-value1 LogBucket: Type: AWS::S3::Bucket Metadata: Comment: This bucket records access logs for MyBucket cfn_nag: rules_to_suppress: - id: W35 reason: "This is the log bucket" - id: W51 reason: "Will be added by the consumer" DeletionPolicy: Delete UpdateReplacePolicy: !Ref RetentionPolicy DependsOn: - AdditionalResource1 AdditionalResource2 Properties: BucketName: !Ref LogBucketName BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 VersioningConfiguration: Status: Enabled PublicAccessBlockConfiguration: BlockPublicAcls: true BlockPublicPolicy: true IgnorePublicAcls: true RestrictPublicBuckets: true AdditionalResource1: Type: AWS::S3::Bucket Properties: X: !Ref NotFound A: !GetAtt ModuleExtension.Arn B: - !GetAtt ModuleExtension.Arn - C: !GetAtt ModuleExtension.Arn AdditionalResource2: Type: AWS::S3::Bucket DependsOnModuleExtension: Type: AWS::S3::Bucket DependsOn: ModuleExtension ConditionalResource: Condition: ConditionName Type: AWS::S3::Bucket