AWSTemplateFormatVersion: 2010-09-09
Description: Lambda template to delete the contents of any bucket provided (qs-1ti330r6c)
Parameters:
Bucket2Empty:
Type: String
BucketArn2Empty:
Type: String
Resources:
LambdaExecute:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Policies:
- PolicyName: DeleteS3Contents
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 's3:DeleteObject'
- 's3:GetObject'
Resource: !Join
- ''
- - !Ref BucketArn2Empty
- /*
- Effect: Allow
Action:
- 's3:ListBucket'
Resource:
- !Ref BucketArn2Empty
RandomStringFunction:
Type: AWS::Lambda::Function
Properties:
Description: Generates a random string for resource names
Handler: index.handler
Runtime: python3.7
Role: !GetAtt LambdaExecute.Arn
Timeout: 900
Code:
ZipFile: |
import cfnresponse
import logging
import random
import string
logger = logging.getLogger(__name__)
def randomStringDigits(stringLength=16):
lettersAndDigits = string.ascii_letters + string.digits
return ''.join(random.choice(lettersAndDigits) for i in range(stringLength))
def handler(event, context):
logger.debug(event)
status = cfnresponse.SUCCESS
try:
cfnData = event['ResourceProperties']['RandomLength']
randomkey = randomStringDigits(int(cfnData))
responseData = {}
responseData['key'] = randomkey
except Exception:
logging.error('Unhandled exception', exc_info=True)
status = cfnresponse.FAILED
finally:
cfnresponse.send(event, context, status, responseData, None)
RandomString:
Type: Custom::RandomString
Properties:
ServiceToken: !GetAtt 'RandomStringFunction.Arn'
RandomLength: 8
LambdaEmptyBucket:
Type: AWS::Lambda::Function
Properties:
Code:
ZipFile: |
import json, boto3, logging
import cfnresponse
logger = logging.getLogger()
logger.setLevel(logging.INFO)
def lambda_handler(event, context):
logger.info("event: {}".format(event))
try:
bucket = event['ResourceProperties']['BucketName']
logger.info("bucket: {}, event['RequestType']: {}".format(bucket,event['RequestType']))
if event['RequestType'] == 'Delete':
s3 = boto3.resource('s3')
bucket = s3.Bucket(bucket)
for obj in bucket.objects.filter():
logger.info("delete obj: {}".format(obj))
s3.Object(bucket.name, obj.key).delete()
sendResponseCfn(event, context, cfnresponse.SUCCESS)
except Exception as e:
logger.info("Exception: {}".format(e))
sendResponseCfn(event, context, cfnresponse.FAILED)
def sendResponseCfn(event, context, responseStatus):
responseData = {}
responseData['Data'] = {}
cfnresponse.send(event, context, responseStatus, responseData, "CustomResourcePhysicalID")
Environment:
Variables:
BucketName: !Ref Bucket2Empty
FunctionName: !Join
- ''
- - !GetAtt 'RandomString.key'
- -DeleteBucketContents
Handler: index.lambda_handler
MemorySize: 128
PackageType: Zip
Runtime: python3.7
Role: !GetAtt LambdaExecute.Arn
cleanupBucketOnDelete:
Type: Custom::cleanupbucket
Properties:
ServiceToken: !GetAtt LambdaEmptyBucket.Arn
BucketName: !Ref Bucket2Empty