AWSTemplateFormatVersion: "2010-09-09" Description: AWS CloudFormation templates to create S3 buckets. **WARNING** You will be billed for data stored in AWS S3 buckets if you create a stack from this template. (qs-1nlkhq1nj) Parameters: RandomStringArn: Description: 'The ARN for the function that will generate the random value to be used in the naming of the S3 Buckets' Type: String SubmissionsBucketName: Description: 'The name of the S3 submission bucket. A random string will be appended to ensure uniqueness.' Type: String Default: datalake-submissions CuratedDatasetsName: Description: 'The name of the S3 curated datasets bucket. A random string will be appended to ensure uniqueness.' Type: String Default: datalake-curated-datasets PublishedDataName: Description: 'The name of the S3 published data bucket. A random string will be appended to ensure uniqueness.' Type: String Default: datalake-published-data RegionalLambdaBucketName: Description: 'The name of the S3 regional lambda bucket. A random string will be appended to ensure uniqueness.' Type: String Default: regional-lambda-bucket AthenaQueryResultsBucketName: Description: 'The name of the S3 Athena query results bucket. A random string will be appended to ensure uniqueness.' Type: String Default: datalake-athena-query-results Resources: RandomString: Type: Custom::RandomString Properties: ServiceToken: !Ref RandomStringArn Number: 7 SubmissionsBucket: Type: AWS::S3::Bucket Properties: BucketName: !Join - "-" - - !Ref "SubmissionsBucketName" - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} NotificationConfiguration: TopicConfigurations: - Event: s3:ObjectCreated:* Topic: !Ref "SubmissionsTopic" DependsOn: - SubmissionsTopicPolicy CuratedDatasets: Type: AWS::S3::Bucket Properties: BucketName: !Join - "-" - - !Ref "CuratedDatasetsName" - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} NotificationConfiguration: TopicConfigurations: - Event: s3:ObjectCreated:* Topic: !Ref "CuratedTopic" DependsOn: - CuratedTopicPolicy CuratedTopicPolicy: Type: AWS::SNS::TopicPolicy Metadata: cfn-lint: config: ignore_checks: - EPolicyWildcardPrincipal ignore_reasons: - EPolicyWildcardPrincipal: "Scope limited by condition" Properties: PolicyDocument: Id: TopicPolicy Version: "2012-10-17" Statement: - Sid: StatementId Effect: Allow Principal: "*" Action: sns:Publish Resource: !Ref "CuratedTopic" Condition: StringEquals: AWS:SourceAccount: !Ref "AWS::AccountId" ArnLike: AWS:SourceArn: !Sub - arn:aws:s3:::${BucketName} - BucketName: !Join - "-" - - !Ref "CuratedDatasetsName" - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} Topics: - !Ref "CuratedTopic" PublishedTopicPolicy: Type: AWS::SNS::TopicPolicy Metadata: cfn-lint: config: ignore_checks: - EPolicyWildcardPrincipal ignore_reasons: - EPolicyWildcardPrincipal: "Scope limited by condition" Properties: PolicyDocument: Id: TopicPolicy Version: "2012-10-17" Statement: - Sid: StatementId Effect: Allow Principal: "*" Action: sns:Publish Resource: !Ref "PublishedTopic" Condition: StringEquals: AWS:SourceAccount: !Ref "AWS::AccountId" ArnLike: AWS:SourceArn: !Sub - arn:aws:s3:::${BucketName} - BucketName: !Join - "-" - - !Ref "PublishedDataName" - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} Topics: - !Ref "PublishedTopic" PublishedTopic: Type: AWS::SNS::Topic Properties: {} CuratedTopic: Type: AWS::SNS::Topic Properties: {} PublishedData: Type: AWS::S3::Bucket Properties: BucketName: !Join - "-" - - !Ref "PublishedDataName" - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} NotificationConfiguration: TopicConfigurations: - Event: s3:ObjectCreated:* Topic: !Ref "PublishedTopic" DependsOn: - PublishedTopicPolicy SubmissionsTopic: Type: AWS::SNS::Topic Properties: {} SubmissionsTopicPolicy: Type: AWS::SNS::TopicPolicy Metadata: cfn-lint: config: ignore_checks: - EPolicyWildcardPrincipal ignore_reasons: - EPolicyWildcardPrincipal: "Scope limited by condition" Properties: PolicyDocument: Id: TopicPolicy Version: "2012-10-17" Statement: - Sid: StatementId Effect: Allow Principal: "*" Action: sns:Publish Resource: !Ref "SubmissionsTopic" Condition: StringEquals: AWS:SourceAccount: !Ref "AWS::AccountId" ArnLike: AWS:SourceArn: !Sub - arn:aws:s3:::${BucketName} - BucketName: !Join - "-" - - datalake - submissions - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} Topics: - !Ref "SubmissionsTopic" RegionalLambdaBucket: Type: AWS::S3::Bucket Properties: BucketName: !Join - "-" - - !Ref "RegionalLambdaBucketName" - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} AthenaQueryResultsBucket: Type: AWS::S3::Bucket Properties: BucketName: !Join - "-" - - !Ref "AthenaQueryResultsBucketName" - !Ref "AWS::AccountId" - !Ref "AWS::Region" - !Sub ${RandomString} Outputs: SubmissionsBucketARN: Value: !Join - "" - - "arn:aws:s3:::" - !Ref "SubmissionsBucket" Description: SubmissionsBucket bucket ARN SubmissionsBucketName: Value: !Ref "SubmissionsBucket" Description: SubmissionsBucket bucket ARN CuratedDatasetsARN: Value: !Join - "" - - "arn:aws:s3:::" - !Ref "CuratedDatasets" Description: CuratedDatasets bucket ARN CuratedBucketName: Value: !Ref "CuratedDatasets" Description: Curated datasets bucket ARN PublishedDataARN: Value: !Join - "" - - "arn:aws:s3:::" - !Ref "PublishedData" Description: PublishedData bucket ARN PublishedBucketName: Value: !Ref "PublishedData" Description: Bucket name for published results RegionalLambdaBucketARN: Value: !Join - "" - - "arn:aws:s3:::" - !Ref "RegionalLambdaBucket" Description: RegionalLambdaBucket bucket ARN RegionalLambdaBucketName: Value: !Ref "RegionalLambdaBucket" Description: RegionalLambdaBucket bucket name AthenaQueryResultsBucketARN: Value: !Join - "" - - "arn:aws:s3:::" - !Ref "AthenaQueryResultsBucket" Description: AthenaQueryResultsBucket bucket ARN AthenaQueryResultsBucketName: Value: !Ref "AthenaQueryResultsBucket" Description: AthenaQueryResultsBucket bucket name SubmissionsTopicARN: Value: !Ref "SubmissionsTopic" Description: SubmissionsTopic ARN CuratedTopicARN: Value: !Ref "CuratedTopic" Description: CuratedTopic ARN PublishedTopicARN: Value: !Ref "PublishedTopic" Description: PublishedTopic ARN