Reputation: 353
AWS: Cloudformation script create S3 bucket for CloudTrail based on conditionals
I am trying to create a CloudFormation Script that will enable CloudTrail, and give the user an option to either create a new S3 bucket and use that, or use a currently existing S3 bucket. I'm new to AWS, so I'm a little lost. Here is some code I have taken and modified, so far without adding conditionals and such.
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "CloudTrail",
"Parameters" : {
"UseExisitingBucket" : {
"Description" : "Yes/No",
"Default" : "Yes",
"Type" : "String",
"AllowedValues" : [ "yes", "no"]
},
"BucketName" : {
"Description" : "Name of the S3 bucket.",
"Type" : "String"
},
"TopicName" : {
"Description" : "Name of the SNS topic.",
"Type" : "String",
"Default" : ""
},
"IncludeGlobalServiceEvents" : {
"Description" : "Indicates whether the trail is publishing events from global services, such as IAM, to the log files.",
"Type" : "String",
"Default" : "false",
"AllowedValues" : [
"true",
"false"
]
}
},
"Conditions" : {
"UseSNSTopic" : {
"Fn::Not" : [
{
"Fn::Equals" : [
{
"Ref" : "TopicName"
},
""
]
}
]
}
},
"Resources" : {
"Trail" : {
"Type" : "AWS::CloudTrail::Trail",
"Properties" : {
"IncludeGlobalServiceEvents" : {
"Ref" : "IncludeGlobalServiceEvents"
},
"S3BucketName" : {
"Ref" : "BucketName"
},
"SnsTopicName" : {
"Fn::If" : [
"UseSNSTopic",
{
"Ref" : "TopicName"
},
{
"Ref" : "AWS::NoValue"
}
]
},
"IsLogging" : true
}
}
}
}
Upvotes: 3
Views: 1215
Answers (1)
Reputation: 35129
You are very close, I would suggest, remove UseExisitingBucket parameter. Then add Default to BucketName so it would look something like this:
"ExistingBucketName" : {
"Description" : "Name of the S3 bucket.",
"Type" : "String",
"Default": "None"
},
Add couple conditions to check if bucket was provided or if you need to create new one:
"Conditions": {
"CreateNewBucket": {
"Fn::Equals": [
{
"Ref": "ExistingBucketName"
},
"None"
]
},
"UseExistingBucket": {
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "ExistingBucketName"
},
"None"
]
}
]
}
}
Then create S3 Bucket resource with above condition, something like:
"S3Bucket": {
"Condition": "CreateNewBucket",
...
...
}
Add 2 cloudtrail resources one with "CreateNewBucket" condition and pass "S3Bucket" resource and the other one with "UseExistingBucket" and pass "ExistingBucketName"
Upvotes: 3
Related Questions
- CloudFormation, apply Condition on DependsOn
- How do I conditionally create an S3 bucket
- AWS cloudformation condition for creating a resource
- AWS Cloudformation: How do I check if a bucket exists from within the Cloudformation template?
- AWS Cloudformation - How to use If Else conditions
- How to force CloudFormation to use specific S3 bucket if it exists or create it otherwise?
- Set Event Value for Cloudtrail - all S3 buckets
- Cloudformation script stack building use existing s3 bucket instead of creating new (Error: s3-bucket-name already exists)
- AWS - Cloud formation Script to create S3 bucket and Distribution
- AWS CloudFormation add condition in s3bucket using troposphere