3

I am trying to create a CloudFormation Script that will enable CloudTrail, and give the user an option to either create a new S3 bucket and use that, or use a currently existing S3 bucket. I'm new to AWS, so I'm a little lost. Here is some code I have taken and modified, so far without adding conditionals and such.

{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "CloudTrail",
"Parameters" : {
    "UseExisitingBucket" : {
        "Description" : "Yes/No",
        "Default" : "Yes",
        "Type" :  "String",
        "AllowedValues" : [ "yes", "no"]
    },
    "BucketName" : {
        "Description" : "Name of the S3 bucket.",
        "Type" : "String"
    },
    "TopicName" : {
        "Description" : "Name of the SNS topic.",
        "Type" : "String",
        "Default" : ""
    },
    "IncludeGlobalServiceEvents" : {
        "Description" : "Indicates whether the trail is publishing events from global services, such as IAM, to the log files.",
        "Type" : "String",
        "Default" : "false",
        "AllowedValues" : [
            "true",
            "false"
        ]
    }
},
"Conditions" : {
    "UseSNSTopic" : {
        "Fn::Not" : [
            {
                "Fn::Equals" : [
                    {
                        "Ref" : "TopicName"
                    },
                    ""
                ]
            }
        ]
    }
},
"Resources" : {
    "Trail" : {
        "Type" : "AWS::CloudTrail::Trail",
        "Properties" : {
            "IncludeGlobalServiceEvents" : {
                "Ref" : "IncludeGlobalServiceEvents"
            },
            "S3BucketName" : {
                "Ref" : "BucketName"
            },
            "SnsTopicName" : {
                "Fn::If" : [
                    "UseSNSTopic",
                    {
                        "Ref" : "TopicName"
                    },
                    {
                        "Ref" : "AWS::NoValue"
                    }
                ]
            },
            "IsLogging" : true
        }
    }
}

}

flyingcars34
  • 353
  • 4
  • 18

1 Answers1

3

You are very close, I would suggest, remove UseExisitingBucket parameter. Then add Default to BucketName so it would look something like this:

"ExistingBucketName" : {
    "Description" : "Name of the S3 bucket.",
    "Type" : "String",
    "Default": "None"
},

Add couple conditions to check if bucket was provided or if you need to create new one:

"Conditions": {
    "CreateNewBucket": {
        "Fn::Equals": [
            {
                "Ref": "ExistingBucketName"
            },
            "None"
        ]
    },
    "UseExistingBucket": {
        "Fn::Not": [
            {
                "Fn::Equals": [
                    {
                        "Ref": "ExistingBucketName"
                    },
                    "None"
                ]                
            } 
        ]
    }
}

Then create S3 Bucket resource with above condition, something like:

"S3Bucket": {
    "Condition": "CreateNewBucket",
    ...
    ...

}

Add 2 cloudtrail resources one with "CreateNewBucket" condition and pass "S3Bucket" resource and the other one with "UseExistingBucket" and pass "ExistingBucketName"

Vor
  • 33,215
  • 43
  • 135
  • 193