Do not require public-read acl

bin/deploy

@@ -14,10 +14,10 @@ zip deploy/templates.zip ecs-blue-green-deployment.yaml templates/*
 cd scripts && zip scripts.zip * && cd ..
 mv scripts/scripts.zip deploy/scripts.zip
 
-aws s3 cp deploy/templates.zip "s3://${bucket}" --acl public-read
-aws s3 cp deploy/scripts.zip "s3://${bucket}" --acl public-read
-aws s3 cp ecs-blue-green-deployment.yaml "s3://${bucket}" --acl public-read
-aws s3 cp --recursive templates/ "s3://${bucket}/templates" --acl public-read
-aws s3 cp --recursive scripts/ "s3://${bucket}/scripts" --acl public-read
+aws s3 cp deploy/templates.zip "s3://${bucket}"
+aws s3 cp deploy/scripts.zip "s3://${bucket}"
+aws s3 cp ecs-blue-green-deployment.yaml "s3://${bucket}"
+aws s3 cp --recursive templates/ "s3://${bucket}/templates"
+aws s3 cp --recursive scripts/ "s3://${bucket}/scripts"
 aws s3api put-bucket-versioning --bucket "${bucket}" --versioning-configuration Status=Enabled
 aws cloudformation deploy --stack-name $stackname --template-file ecs-blue-green-deployment.yaml --capabilities CAPABILITY_NAMED_IAM --parameter-overrides GitHubUser=$GitHubUser GitHubToken=$GitHubToken TemplateBucket=$bucket

templates/deployment-pipeline.yaml

@@ -117,7 +117,10 @@ Resources:
                   - ec2:*
                   - elasticloadbalancing:*
                   - autoscaling:*
-
+              - Resource: !Sub arn:aws:s3:::${TemplateBucket}/*
+                Effect: Allow
+                Action:
+                  - s3:GetObject
   CodeBuildServiceRole:
     Type: AWS::IAM::Role
     Properties: