Skill

aws-cloudformation-s3

Provides AWS CloudFormation patterns for S3 buckets, policies, versioning, lifecycle rules, and template structures with Parameters, Outputs, Mappings, Conditions, and cross-stack references. Use for production S3 infrastructure.

AWS

Bash

infrastructure

devops

From developer-kit-aws

Install

Run in your terminal

npx claudepluginhub giuseppe-trisciuoglio/developer-kit --plugin developer-kit-aws

Tool Access

This skill is limited to using the following tools:

ReadWriteBash

Supporting Assets

View in Repository

references/advanced-configuration.md

references/complete-examples.md

references/examples.md

references/reference.md

Skill Content

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

138.6k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

hybrid-cloud-networking

1 file

Configures VPN and dedicated connections like Direct Connect, ExpressRoute, Interconnect for secure on-premises to AWS, Azure, GCP, OCI hybrid networking.

cloud-infrastructure

33.0k

Stats

Parent Repo Stars174

Parent Repo Forks17

Last CommitMar 24, 2026

Actions

View Source View Plugin View on GitHub View README

AWS CloudFormation S3 Patterns

Provides S3 bucket configurations, policies, versioning, lifecycle rules, and CloudFormation template structure best practices for production-ready infrastructure.

When to Use

Creating S3 buckets with custom configurations
Implementing bucket policies for access control
Configuring S3 versioning for data protection
Setting up lifecycle rules for data management
Creating Outputs for cross-stack references
Using Parameters with AWS-specific types
Organizing templates with Mappings and Conditions

Overview

S3 bucket configurations, policies, versioning, lifecycle rules, and CloudFormation template structure for production-ready infrastructure.

Instructions

Define Bucket Resources: Create AWS::S3::Bucket with versioning, encryption, PublicAccessBlock
Configure Bucket Policy: Set up IAM policies for access control
Set Up Lifecycle Rules: Define transitions and expiration policies
Configure CORS: Allow cross-origin requests if needed
Add Outputs: Export bucket names/ARNs for cross-stack references

Validate before deploy:

aws cloudformation validate-template --template-body file://template.yaml

Deploy with rollback on failure:

aws cloudformation deploy \
  --template-file template.yaml \
  --stack-name my-s3-stack \
  --capabilities CAPABILITY_IAM

If deployment fails, CloudFormation automatically rolls back. Check failures with:

aws cloudformation describe-stack-events --stack-name my-s3-stack

Quick Reference

Resource Type	Purpose
`AWS::S3::Bucket`	Create S3 bucket
`AWS::S3::BucketPolicy`	Set bucket-level policies
`AWS::S3::BucketReplication`	Cross-region replication
Parameters	Input values for customization
Mappings	Static configuration tables
Conditions	Conditional resource creation
Outputs	Return values for cross-stack references

Examples

Basic S3 Bucket

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-data-bucket

Bucket with Versioning and Encryption

DataBucket:
  Type: AWS::S3::Bucket
  Properties:
    BucketName: !Sub "${AWS::StackName}-data"
    VersioningConfiguration:
      Status: Enabled
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
    PublicAccessBlockConfiguration:
      BlockPublicAcls: true
      BlockPublicPolicy: true

Lifecycle Rule

DataBucket:
  Type: AWS::S3::Bucket
  Properties:
    LifecycleConfiguration:
      Rules:
        - Id: ArchiveOldData
          Status: Enabled
          Transitions:
            - StorageClass: GLACIER
              TransitionInDays: 365

Bucket Policy

BucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref DataBucket
    PolicyDocument:
      Statement:
        - Effect: Allow
          Principal:
            AWS: !Ref RoleArn
          Action:
            - s3:GetObject
          Resource: !Sub "${DataBucket.Arn}/*"

See references/complete-examples.md for more complete examples including CORS, static websites, replication, and production-ready configurations.

Template Structure

Template Sections

AWSTemplateFormatVersion: 2010-09-09
Description: Template description

Mappings: {}       # Static configuration tables
Metadata: {}       # Additional information
Parameters: {}     # Input values
Conditions: {}     # Conditional creation
Transform: {}      # Macro processing
Resources: {}      # AWS resources (REQUIRED)
Outputs: {}        # Return values

Parameters

Parameters:
  BucketName:
    Type: String
    Description: S3 bucket name
    Default: my-bucket
    MinLength: 3
    MaxLength: 63
    AllowedPattern: '^[a-z0-9-]+$'

Conditions

Conditions:
  IsProduction: !Equals [!Ref Environment, prod]
  ShouldEnableVersioning: !Equals [!Ref EnableVersioning, 'true']

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: !If [ShouldEnableVersioning, Enabled, Suspended]

Outputs

Outputs:
  BucketName:
    Description: Name of the S3 bucket
    Value: !Ref DataBucket
    Export:
      Name: !Sub '${AWS::StackName}-BucketName'

See references/advanced-configuration.md for detailed Mappings, Conditions, Parameters, and cross-stack references.

Best Practices

Public Access Block: Always enable for non-static website buckets
Versioning: Enable for critical data to prevent accidental deletion
Bucket Policies: Use instead of ACLs for access control
Lifecycle Rules: Implement cost optimization with tiering
Encryption: Enable default encryption (SSE-KMS or AES256)
Tags: Tag all resources for organization and cost allocation
Outputs: Export bucket names/ARNs for cross-stack references
Parameters: Use parameters for reusability across environments

Common Troubleshooting

Bucket already exists: Use unique bucket names with CloudFormation stack name Access denied: Verify bucket policy and IAM permissions Versioning conflicts: Cannot suspend versioning once objects exist Lifecycle not working: Check rule status and prefix filters Cross-stack references: Ensure outputs are exported before importing

Related Skills

aws-cloudformation-security - Security best practices for S3
aws-cloudformation-lambda - Lambda triggers for S3 events
aws-cloudformation-iam - IAM roles for S3 access

References

Complete Examples

references/complete-examples.md - Basic buckets, versioning, lifecycle, CORS, policies, production stacks, event notifications, static websites, replication

Advanced Configuration

references/advanced-configuration.md - Parameters, Mappings, Conditions, Outputs, Metadata, DeletionPolicy, DependsOn, Transform

Constraints and Warnings

Bucket names: Must be globally unique (across all AWS accounts)
Versioning: Cannot be suspended once objects exist in bucket
Lifecycle rules: Minimum 1 day for expiration, 0 days for transitions
Bucket policies: Limited to 20 KB in size
Public access: Blocked by default; requires explicit configuration
CORS: Limited to 100 rules per bucket
Replication: Versioning must be enabled on both source and destination
Encryption: KMS keys must be in same region as bucket
Tags: Maximum 50 tags per resource
Stack limits: CloudFormation limits resources per stack (200 default)