This stack was created to speed up the process of creating an S3 bucket as network storage with versioning configured, and a 30-day window to recover deleted or older versions of a file. Since this is something we do over and over for our clients, we decided to describe the configuration once and be on our way within minutes.
The stack will also create a special IAM Group with an inline policy that gives any user attached to this group the correct rights to interact with the S3 objects. This policy takes the enabled versioning into account, to make it all work.
This stack is available to anyone at no cost, but on an as-is basis. 0x4447 LLC is not responsible for damages or costs of any kind that may occur when you use the stack. You take full responsibility when you use it.
All you need to do to deploy this stack is click the button to the left and follow the instructions that CloudFormation provides in your AWS Dashboard. Alternatively you can download the CF file from here.
The stack takes advantage of AWS S3 and AWS IAM Groups. You'll get:
- 1x S3 Bucket
- 1x IAM Group
After the stack is deployed, the only thing left is to create an IAM user, or use a pre-existing one, and attach to this user the IAM Group that was created with the bare minimum actions needed to work with the bucket.
When you have S3 versioning enabled, there is no UI in the AWS Dashboard that can help you recover all the files at once – you can only recover individual files. To recover everything that was deleted, the command line below will recover those files for you.
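```bash
# List every version entry, keep only the delete markers, and write one
# delete-object command per marker (removing a delete marker restores the object).
AWS_ACCESS_KEY_ID=KEY \
AWS_SECRET_ACCESS_KEY=SECRET \
aws s3api list-object-versions --bucket BUCKET_NAME --output text | \
grep -E "^DELETEMARKERS" | \
awk -F '\t' '{print "aws s3api delete-object --bucket BUCKET_NAME --key \42"$3"\42 --version-id "$5";"}' >> undelete_script.sh
```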
Once the CLI finishes working, you'll end up with the `undelete_script.sh` file, which contains one command per line, each removing the delete marker from one S3 object. Make sure to review this file, then make it executable with `chmod +x undelete_script.sh` and run it.
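The one-liner above writes each object key into a shell script inside double quotes, so a key containing `$`, a backtick or a quote is interpreted by the shell when the script runs, which is why the review step matters. The following is an added example, not part of this project: a generator that single-quotes every value and, as a choice of this example, only emits commands for delete markers that are the latest version. The function names and sample rows are constructed, and the column order is assumed from the command above.

```shell
#!/bin/sh
# Added example, not the project's code. Assumes tab-separated DELETEMARKERS
# rows in the order: DELETEMARKERS, IsLatest, Key, LastModified, VersionId,
# with IsLatest printed as True/False, and keys without tabs or newlines.

# Read `list-object-versions --output text` rows on stdin and print one
# delete-object command per latest delete marker. Every value is single-quoted,
# so nothing inside a key is expanded or executed when the script runs.
gen_undelete() {
    awk -F '\t' -v bucket="$1" -v q="'" '
        # Single-quote s for sh: an embedded quote is closed, escaped, reopened
        function shq(s) { gsub(q, q "\\" q q, s); return q s q }
        $1 == "DELETEMARKERS" && $2 == "True" {
            printf "aws s3api delete-object --bucket %s --key %s --version-id %s\n",
                   shq(bucket), shq($3), shq($5)
        }'
}

# Constructed sample rows (not real output from any bucket).
sample_listing() {
    printf 'DELETEMARKERS\tTrue\treports/q3 $HOME.txt\t2024-01-02T10:00:00.000Z\tVID-1\n'
    printf 'OWNER\texample-owner\tOWNER-ID\n'
    printf 'DELETEMARKERS\tFalse\told.txt\t2024-01-01T10:00:00.000Z\tVID-2\n'
    printf 'VERSIONS\tETAG\tTrue\tkeep.txt\t2024-01-01T09:00:00.000Z\t12\tSTANDARD\tVID-3\n'
    printf 'DELETEMARKERS\tTrue\tit'\''s "final".txt\t2024-01-03T10:00:00.000Z\tVID-4\n'
}

# Prints two commands: one for VID-1 and one for VID-4.
sample_listing | gen_undelete example-bucket
```

The generated commands carry no credentials of their own, so the shell that runs the script needs them in its environment or in a configured profile.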
When you want to deploy the stack, the only file you should be interested in is the `CloudFormation.json` file. If you'd like to modify the stack, we recommend that you use the Grapes framework, which was designed to make it easier to work with the CloudFormation file. If you'd like to keep your sanity, never edit the main CF file 🤪.
If you enjoyed this project, please consider giving it a 🌟. And check out our 0x4447 GitHub account, where you'll find additional resources you might find useful or interesting.
This project is brought to you by 0x4447 LLC, a software company specializing in building custom solutions on top of AWS. Follow this link to learn more: https://0x4447.com. Alternatively, send an email to hello@0x4447.email.