Closed citrusoft closed 4 years ago
Hi, thanks a lot for reaching out. However, I couldn't reproduce it on my end. Here was my test plan:
AWS::CloudFormation::StackSet resource using TemplateURL with ObjectURL https://${bucket_name}.s3-us-west-1.amazonaws.com/stack.json
Let me know if I missed anything.
@xiwhuang you are CORRECT; I had encountered the reported issue when I forked an earlier version of this repo. CLOSING since this is not an issue.
Customers obeying AWS S3 Best Practices will not store their artifacts on public S3 buckets; rather, they will have private S3 buckets. Thus the permission s3:GetObject must be appended to these two lists:
a) https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-cloudformation/blob/252695dbb90947fc70ced571e6ec983a50495c1c/aws-cloudformation-stackset/aws-cloudformation-stackset.json#L311
b) https://github.com/citrusoft/aws-cloudformation-resource-providers-cloudformation/blob/c6c7531c471250d211211416a47cdc3056b3167f/aws-cloudformation-stackset/pge-cloudformation-stackset.json#L333
Will you please append s3:GetObject to the above privileges?
Here is an example. I have implemented the solution here... https://github.com/citrusoft/aws-cloudformation-resource-providers-cloudformation/blob/master/aws-cloudformation-stackset/pge-cloudformation-stackset.json