-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathAmazonS3Copy.yaml
More file actions
140 lines (124 loc) · 4.17 KB
/
AmazonS3Copy.yaml
File metadata and controls
140 lines (124 loc) · 4.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
Description: This Template create a destination S3 bucket and copy the content from a source S3 bucket.
Parameters:
InputS3Bucket:
Description: Enter Source S3 Bucket ARN
Type: String
Default: arn:aws:s3:::bluagetesting
Resources:
S3Bucket:
Type: AWS::S3::Bucket
Properties:
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
RootRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Path: /
Policies:
- PolicyName: root
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- s3:GetObject
- s3:ListBucket
- logs:CreateLogGroup
Resource:
- !Ref InputS3Bucket
- !Join
- ''
- - !Ref InputS3Bucket
- '/*'
- !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*'
- Effect: Allow
Action:
- logs:CreateLogStream
- s3:ListBucket
- logs:PutLogEvents
Resource:
- !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*'
- !Join
- ''
- - 'arn:aws:s3:::'
- !Ref S3Bucket
- Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
Resource:
- !Join
- ''
- - 'arn:aws:s3:::'
- !Ref S3Bucket
- '/*'
primer:
Type: AWS::Lambda::Function
Properties:
Handler: index.lambda_handler
Runtime: python3.8
Role: !GetAtt RootRole.Arn
Timeout: 300
Code:
ZipFile: |
import json
import boto3
import cfnresponse
s3_client=boto3.client('s3')
# lambda function to copy files from s3 to another s3
def lambda_handler(event, context):
#specify source bucket
print(event)
source_bucket_name=event['ResourceProperties']['sourcebucket']
destination_bucket_name=event['ResourceProperties']['destinationbucket']
response = s3_client.list_objects(Bucket=source_bucket_name)
i=0
while i < len(response['Contents']):
file_name=response['Contents'][i]['Key']
print(file_name)
copy_object={'Bucket':source_bucket_name,'Key':file_name}
s3_client.copy_object(CopySource=copy_object,Bucket=destination_bucket_name,Key=file_name)
i=i+1
responseData = {}
responseBody = {
'Status' : 'SUCCESS',
'Reason' : "See the details in CloudWatch Log Stream: {}".format(context.log_stream_name),
'PhysicalResourceId' : context.log_stream_name,
'StackId' : event['StackId'],
'RequestId' : event['RequestId'],
'LogicalResourceId' : event['LogicalResourceId'],
'NoEcho' : False,
'Data' : responseData
}
cfnresponse.send(event, context, cfnresponse.SUCCESS, responseBody, "CustomResourcePhysicalID")
LambdaLogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Join [ "", [ '/aws/lambda/', !Ref primer ] ]
RetentionInDays: 7
LambdaInvoke:
Type: 'Custom::LambdaCallout'
Properties:
ServiceToken: !GetAtt primer.Arn
sourcebucket: !Select [1, !Split [":::", !Ref InputS3Bucket]]
destinationbucket: !Ref S3Bucket
Outputs:
S3BucketOutput:
Description: Destination S3 Bucket
Value: !Ref S3Bucket
IAMRoleOutput:
Description: IAM Role
Value: !Ref RootRole
LambdaInvokeOutput:
Description: Lambda Function
Value: !GetAtt LambdaInvoke.Status