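# Lambda for a CloudFormation custom resource: on a Delete request it removes
# every object from the bucket named in the resource's BucketName property.
# Create and Update requests are acknowledged without touching the bucket.
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  EmptyBucketLambdaName:
    Type: String
    Default: EmptyBucketLambda
  # Bucket name (wildcards allowed) that the function's role may list and
  # empty. The default keeps the original reach over every bucket in the
  # account; set it to the one bucket this stack manages to get least privilege.
  AllowedBucketName:
    Type: String
    Default: "*"

Resources:
  EmptyBucketLambda:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Ref EmptyBucketLambdaName
      Code:
        ZipFile: |
          import logging
          import boto3
          import cfnresponse

          logger = logging.getLogger()
          logger.setLevel(logging.INFO)

          def lambda_handler(event, context):
              """Empty the target bucket on Delete; acknowledge everything else."""
              # ResponseURL is a pre-signed URL that accepts the result for
              # this request, so it is kept out of the log stream.
              logger.info("event: {}".format(
                  {k: v for k, v in event.items() if k != 'ResponseURL'}))
              try:
                  bucket_name = event['ResourceProperties']['BucketName']
                  logger.info("bucket: {}, event['RequestType']: {}".format(bucket_name, event['RequestType']))
                  if event['RequestType'] == 'Delete':
                      bucket = boto3.resource('s3').Bucket(bucket_name)
                      # Batched delete of every object version and delete
                      # marker; deleting only current objects leaves a
                      # versioned bucket non-empty.
                      for resp in bucket.object_versions.delete():
                          # Batch deletes report per-key failures in the
                          # response instead of raising.
                          if resp.get('Errors'):
                              raise RuntimeError("failed to delete {} object(s)".format(len(resp['Errors'])))
                  sendResponseCfn(event, context, cfnresponse.SUCCESS)
              except Exception:
                  # Always answer: CloudFormation waits for a response to
                  # every custom-resource request.
                  logger.exception("Exception while handling request")
                  sendResponseCfn(event, context, cfnresponse.FAILED)

          def sendResponseCfn(event, context, responseStatus):
              """Report the outcome to CloudFormation with an empty Data payload."""
              responseData = {}
              responseData['Data'] = {}
              # Fixed physical ID, so the resource identity does not change
              # between invocations.
              cfnresponse.send(event, context, responseStatus, responseData, "CustomResourcePhysicalID")
      Handler: "index.lambda_handler"
      # NOTE(review): the original python3.7 runtime is past end of support on
      # Lambda; confirm the runtime that fits your account's standards.
      Runtime: python3.12
      MemorySize: 128
      # NOTE(review): 30 s may be too short for a bucket with very many
      # objects; a timeout leaves CloudFormation without a response.
      Timeout: 30
      Role: !GetAtt EmptyBucketLambdaRole.Arn

  EmptyBucketLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action:
              - sts:AssumeRole
      # Lets the function write the log lines it emits to CloudWatch Logs.
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Only the actions the handler uses, instead of s3:* on "*":
              # listing (bucket-level) and deleting (object-level).
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:ListBucketVersions
                Resource: !Sub arn:${AWS::Partition}:s3:::${AllowedBucketName}
              - Effect: Allow
                Action:
                  - s3:DeleteObject
                  - s3:DeleteObjectVersion
                Resource: !Sub arn:${AWS::Partition}:s3:::${AllowedBucketName}/*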