AWSTemplateFormatVersion: 2010-09-09 Description: Lambda template to delete the contents of any bucket provided (qs-1ti2q47qb) Parameters: Bucket2Empty: Type: String BucketArn2Empty: Type: String Resources: LambdaExecute: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: lambda.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Policies: - PolicyName: DeleteS3Contents PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 's3:DeleteObject' - 's3:GetObject' Resource: !Join - '' - - !Ref BucketArn2Empty - /* - Effect: Allow Action: - 's3:ListBucket' Resource: - !Ref BucketArn2Empty RandomStringFunction: Type: AWS::Lambda::Function Properties: Description: Generates a random string for resource names Handler: index.handler Runtime: python3.7 Role: !GetAtt LambdaExecute.Arn Timeout: 900 Code: ZipFile: | import cfnresponse import logging import random import string logger = logging.getLogger(__name__) def randomStringDigits(stringLength=16): lettersAndDigits = string.ascii_letters + string.digits return ''.join(random.choice(lettersAndDigits) for i in range(stringLength)) def handler(event, context): logger.debug(event) status = cfnresponse.SUCCESS try: cfnData = event['ResourceProperties']['RandomLength'] randomkey = randomStringDigits(int(cfnData)) responseData = {} responseData['key'] = randomkey except Exception: logging.error('Unhandled exception', exc_info=True) status = cfnresponse.FAILED finally: cfnresponse.send(event, context, status, responseData, None) RandomString: Type: Custom::RandomString Properties: ServiceToken: !GetAtt 'RandomStringFunction.Arn' RandomLength: 8 LambdaEmptyBucket: Type: AWS::Lambda::Function Properties: Code: ZipFile: | import json, boto3, logging import cfnresponse logger = logging.getLogger() logger.setLevel(logging.INFO) def lambda_handler(event, context): logger.info("event: {}".format(event)) try: bucket = event['ResourceProperties']['BucketName'] logger.info("bucket: {}, event['RequestType']: {}".format(bucket,event['RequestType'])) if event['RequestType'] == 'Delete': s3 = boto3.resource('s3') bucket = s3.Bucket(bucket) for obj in bucket.objects.filter(): logger.info("delete obj: {}".format(obj)) s3.Object(bucket.name, obj.key).delete() sendResponseCfn(event, context, cfnresponse.SUCCESS) except Exception as e: logger.info("Exception: {}".format(e)) sendResponseCfn(event, context, cfnresponse.FAILED) def sendResponseCfn(event, context, responseStatus): responseData = {} responseData['Data'] = {} cfnresponse.send(event, context, responseStatus, responseData, "CustomResourcePhysicalID") Environment: Variables: BucketName: !Ref Bucket2Empty FunctionName: !Join - '' - - !GetAtt 'RandomString.key' - -DeleteBucketContents Handler: index.lambda_handler MemorySize: 128 PackageType: Zip Runtime: python3.7 Role: !GetAtt LambdaExecute.Arn cleanupBucketOnDelete: Type: Custom::cleanupbucket Properties: ServiceToken: !GetAtt LambdaEmptyBucket.Arn BucketName: !Ref Bucket2Empty