# Create Shared Assets Bucket
This bucket is used to store assets that we want to share with all our customers. Assets like compiled CloudFormation templates will be housed in this bucket. We can automatically share these assets with accounts that live in a certain OU via the bucket's access policy.

First create an S3 bucket named `jetrails-shared-assets-staging` and, under the Permissions tab, paste this as the Bucket Policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::jetrails-shared-assets-staging",
                "arn:aws:s3:::jetrails-shared-assets-staging/*"
            ],
            "Condition": {
                "ForAnyValue:StringLike": {
                    "aws:PrincipalOrgPaths": "o-t3sppsehs4/*/ou-oezy-zmb0bkr6/*"
                }
            }
        }
    ]
}
```
> **Note**
>
> In the above code snippet, `o-t3sppsehs4` is the organization id for the master account and `ou-oezy-zmb0bkr6` is the OU that holds all active organizations. Between the organization id and the OU you can expect a root id, which the first wildcard matches. The trailing wildcard ignores tree structure depth, so every account under the specified OU, however deeply nested, is given access.
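To see what the `ForAnyValue:StringLike` condition above admits and rejects, here is an added Python check (not part of this runbook) that applies IAM's wildcard matching to the policy's pattern against constructed `aws:PrincipalOrgPaths` values; the root id and the extra OU ids are made up for illustration.

```python
import re

# The condition value from the bucket policy above.
POLICY_PATTERN = "o-t3sppsehs4/*/ou-oezy-zmb0bkr6/*"


def iam_string_like(pattern: str, value: str) -> bool:
    """IAM StringLike semantics: case-sensitive, '*' matches any run of
    characters (including '/'), '?' matches exactly one character."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def org_paths_allow(principal_org_paths, pattern: str = POLICY_PATTERN) -> bool:
    """Evaluate ForAnyValue:StringLike over the multivalued aws:PrincipalOrgPaths key.
    A principal with no org path (anonymous, or not in any organization) never
    matches, so Principal "*" does not open the bucket to the public."""
    if not principal_org_paths:
        return False
    return any(iam_string_like(pattern, path) for path in principal_org_paths)


# Constructed sample principals; r-ab12 and the OU ids other than
# ou-oezy-zmb0bkr6 are invented for this example.
SAMPLE_PRINCIPALS = {
    "active-account": ["o-t3sppsehs4/r-ab12/ou-oezy-zmb0bkr6/"],
    "nested-under-active": ["o-t3sppsehs4/r-ab12/ou-oezy-zmb0bkr6/ou-oezy-aaaaaaaa/"],
    "other-ou-account": ["o-t3sppsehs4/r-ab12/ou-oezy-bbbbbbbb/"],
    "root-only-account": ["o-t3sppsehs4/r-ab12/"],
    "other-org-account": ["o-zzzzzzzzzz/r-cd34/ou-oezy-zmb0bkr6/"],
    "anonymous": [],
}


def evaluate_all() -> dict:
    """Return {principal name: allowed?} for every constructed sample."""
    return {name: org_paths_allow(paths) for name, paths in SAMPLE_PRINCIPALS.items()}


if __name__ == "__main__":
    for name, allowed in evaluate_all().items():
        print(f"{name:22} -> {'Allow' if allowed else 'Deny'}")
```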