Release Storage Location template v1.0.0 (#8)

Author: mw-vmaffet

aws/README.md

@@ -10,6 +10,7 @@ Each template configures a specific chunk of infrastructure. MathWorks® refe
 | ------------- | ----------- |
 | [security-group](security-group) | Creates a security group to control the inbound and outbound traffic for the resources deployed in AWS. |
 | [log-location](log-location) | Creates a CloudWatch log group to store log events from AWS services. |
+| [storage-location](storage-location) | Creates an Amazon S3™ Bucket to store objects in AWS. |
 
 ## Usage
 
@@ -75,4 +76,4 @@ The [GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intr
 For support, visit [MathWorks Technical Support](https://www.mathworks.com/support/contact_us.html).
 
 ---
-Copyright 2023 The MathWorks, Inc.
+Copyright 2024 The MathWorks, Inc.

aws/storage-location/v1/.version

@@ -0,0 +1 @@
+v1.0.0

aws/storage-location/v1/storage-location.yml

@@ -0,0 +1,163 @@
+---
+AWSTemplateFormatVersion: '2010-09-09'
+
+Transform: AWS::LanguageExtensions
+
+Description: >
+  MathWorks Reference Architectures Template Storage Location: Creates an Amazon S3 Bucket to store objects in AWS. version: v1.0.0
+
+Metadata:
+  AWS::CloudFormation::Interface:
+    ParameterGroups:
+      - Label:
+          default: Bucket Options
+        Parameters:
+          - BucketName
+          - DeletionPolicy
+          - Versioning
+
+    ParameterLabels:
+      BucketName:
+        default: Bucket Name
+      DeletionPolicy:
+        default: Deletion Policy
+
+Parameters:
+  BucketName:
+    Type: String
+    Default: ''
+    Description: A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name.
+    AllowedPattern: ^([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])?$
+    ConstraintDescription: Bucket names must be between 3 and 63 characters long, consist only of lowercase letters, numbers, dots (.), and hyphens (-), and must begin and end with a letter or number.
+  DeletionPolicy:
+    Type: String
+    AllowedValues: [Delete, Retain]
+    Default: Retain
+    Description: Specify what to do with the bucket when its stack is deleted.
+  Versioning:
+    Type: String
+    AllowedValues: ['Yes', 'No']
+    Default: 'No'
+    Description: Version the objects in the bucket.
+
+Conditions:
+  GenerateName: !Equals [ !Ref BucketName, '' ]
+  DeleteBucket: !Equals [ !Ref DeletionPolicy, Delete ]
+  EnableVersioning: !Equals [ !Ref Versioning, 'Yes' ]
+
+Resources:
+  Bucket:
+    Type: AWS::S3::Bucket
+    DeletionPolicy: !Ref DeletionPolicy
+    Properties:
+      BucketName: !If [ GenerateName, !Ref AWS::NoValue, !Ref BucketName ]
+      VersioningConfiguration: !If [ EnableVersioning, Status: Enabled, !Ref AWS::NoValue ]
+
+  EmptyBucketLambda:
+    Type: AWS::Lambda::Function
+    Condition: DeleteBucket
+    Properties:
+      Code: 
+        ZipFile: |
+          import boto3
+          import cfnresponse
+
+          def lambda_handler(event, context):
+
+            status = cfnresponse.SUCCESS
+            data = {'Message': '', 'Errors': ''}
+
+            try:
+              if event['RequestType'] == 'Delete':
+                bucket_name = event['ResourceProperties']['BucketName']
+
+                s3 = boto3.resource('s3')
+                bucket = s3.Bucket(bucket_name)
+
+                versioning = bucket.Versioning()
+                if versioning.status:
+                  versioning.suspend()
+
+                  response = bucket.object_versions.delete()
+                  if any('Errors' in r for r in response):
+                    status = cfnresponse.FAILED
+                    data['Errors'] += ';'.join(str(r['Errors']) for r in response)
+                  else:
+                    data['Message'] += 'Versions deleted successfully.'
+
+                else:
+                  data['Message'] += 'Bucket is not versioned.'
+
+                response = bucket.objects.delete()
+                if any('Errors' in r for r in response):
+                  status = cfnresponse.FAILED
+                  data['Errors'] += ';'.join(str(r['Errors']) for r in response)
+                else:
+                  data['Message'] += 'Objects deleted successfully.'
+
+              else:
+                data['Message'] += 'Lambda created successfully.'
+
+            except Exception as e:
+              status = cfnresponse.FAILED
+              data['Exception'] = str(e)
+
+            cfnresponse.send(event, context, status, data)
+
+      Handler: index.lambda_handler
+      Runtime: python3.12
+      Timeout: 900
+      Role: !GetAtt EmptyBucketRole.Arn
+
+  EmptyBucketRole:
+    Type: AWS::IAM::Role
+    Condition: DeleteBucket
+    Properties: 
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+            Action:
+              - sts:AssumeRole
+      Path: /
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+      Policies:
+        - PolicyName: empty-bucket-core
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Sid: AllowRead
+                Effect: Allow
+                Action:
+                  - s3:ListBucket
+                  - s3:ListBucketVersions
+                  - s3:GetBucketVersioning
+                Resource: !GetAtt Bucket.Arn
+              - Sid: AllowEdit
+                Effect: Allow
+                Action:
+                  - s3:PutBucketVersioning
+                Resource: !GetAtt Bucket.Arn
+              - Sid: AllowDelete
+                Effect: Allow
+                Action:
+                  - s3:DeleteObject
+                  - s3:DeleteObjectVersion
+                Resource: !Sub ${Bucket.Arn}/*
+
+  EmptyBucketTrigger:
+    Type: Custom::LambdaTrigger
+    Condition: DeleteBucket
+    Properties: 
+      ServiceToken: !GetAtt EmptyBucketLambda.Arn
+      BucketName: !Ref Bucket
+
+Outputs:
+  BucketName:
+    Value: !Ref Bucket
+  BucketArn:
+    Value: !GetAtt Bucket.Arn