updated bucket policy

2021-08-11 16:47:31 +05:30
parent 6fe437d2c1
commit cd8ea24c61
2 changed files with 32 additions and 1 deletions
@@ -15,7 +15,7 @@ atomic_tests:
    s3_bucket_name:
      description: Name of the bucket
      type: String
-      default: "functionaltesttrail"
+      default: "redatomic-test"
    region:
      description: Name of the region
      type: String
@@ -25,6 +25,8 @@ atomic_tests:
        Check if ~/.aws/credentials file has a default stanza is configured
      prereq_command: |
        cat ~/.aws/credentials | grep "default"
+        aws s3api create-bucket --bucket #{s3_bucket_name} --region #{region}
+        aws s3api put-bucket-policy --bucket redatomic-test --policy file://$PathToAtomicsFolder/T1562.008/policy.json
      get_prereq_command: |
        echo Please install the aws-cli and configure your AWS defult profile using: aws configure
  executor:
@@ -33,5 +35,6 @@ atomic_tests:
       aws cloudtrail update-trail --name #{cloudtrail_name} --s3-bucket-name #{s3_bucket_name}  --is-multi-region-trail --region #{region}
       aws cloudtrail stop-logging --name #{cloudtrail_name} --region #{region}
       aws cloudtrail delete-trail --name #{cloudtrail_name} --region #{region}
+       aws s3 rb s3://#{s3_bucket_name} --force 
    name: sh
    elevation_required: false
@@ -0,0 +1,28 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AWSCloudTrailAclCheck20150319",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "cloudtrail.amazonaws.com"
+            },
+            "Action": "s3:GetBucketAcl",
+            "Resource": "arn:aws:s3:::redatomic-test"
+        },
+        {
+            "Sid": "AWSCloudTrailWrite20150319",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "cloudtrail.amazonaws.com"
+            },
+            "Action": "s3:PutObject",
+            "Resource": "arn:aws:s3:::redatomic-test/AWSLogs/*",
+            "Condition": {
+                "StringEquals": {
+                    "s3:x-amz-acl": "bucket-owner-full-control"
+                }
+            }
+        }
+    ]
+}