Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CFE S3 bucket state file not supporting encrypted uploads #103

Closed
vishalsparmar opened this issue Aug 15, 2022 · 2 comments
Closed

CFE S3 bucket state file not supporting encrypted uploads #103

vishalsparmar opened this issue Aug 15, 2022 · 2 comments
Labels
enhancement New feature or request
Milestone
Release 1.13.0

Comments

@vishalsparmar
Copy link

Do you already have an issue opened with F5 support?

Github Issues are consistently monitored by F5 staff, but should be considered as best effort only and you should not expect to receive the same level of response as provided by F5 Support. Please open an case with F5 if this is a critical issue.

Description

Describe the problem you're having or the enhancement you'd like to request.
While using terraform to build F5 and CFE S3 bucket AWS state file usage. The CFE is fialing as the S3 bucket has encryption enabled.As per confirmation from F5 Architect the feature from CFE to use and pass ServerSideEncryption: "aws:kms" to s3.putObject when we upload the CFE state file is NOT supported.
Can we please enable this for AWS S3 CFE upload state file

Below is our S3 bucket policy

{

        "Sid": "DenyIncorrectEncryptionHeader",

        "Effect": "Deny",

        "Principal": "*",

        "Action": "s3:PutObject",

        "Resource": "arn:aws:s3:::bigip-xxx-test/*",

        "Condition": {

            "StringNotEquals": {

                "s3:x-amz-server-side-encryption": "AES256"

            }

        }

    },

    {

        "Sid": "DenyUnEncryptedObjectUploads",

        "Effect": "Deny",

        "Principal": "*",

        "Action": "s3:PutObject",

        "Resource": "arn:aws:s3:::bigip-xxx-test/*",

        "Condition": {

            "Null": {

                "s3:x-amz-server-side-encryption": "true"

            }

        }

Environment information

For bugs, enter the following information:

  • Cloud Failover Extension Version: 1.11.0
  • BIG-IP version:16.1.2.2
  • Cloud provider: AWS

version extension

"version": "1.11.0",
"release": "0",
"schemaCurrent": "1.11.0",
"schemaMinimum": "0.9.1"

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 2
restnoded.log

Severity level definitions:

  1. Severity 1 (Critical) : Defect is causing systems to be offline and/or nonfunctional. immediate attention is required.
  2. Severity 2 (High) : Defect is causing major obstruction of system operations.
  3. Severity 3 (Medium) : Defect is causing intermittent errors in system operations.
  4. Severity 4 (Low) : Defect is causing infrequent interuptions in system operations.
  5. Severity 5 (Trival) : Defect is not causing any interuptions to system operations, but none-the-less is a bug.
@shyawnkarim
Copy link

Thanks for submitting this request. We have added two stories to our backlog to address this enhancement. They are being tracking internally with IDs ESECLDTPLT-3157 and ESECLDPTLT-3158.

@shyawnkarim shyawnkarim added the enhancement New feature or request label Aug 15, 2022
@shyawnkarim shyawnkarim added this to the backlog milestone Aug 15, 2022
@shyawnkarim
Copy link

Closing. This issue was resolved with Release 1.13.0.

@shyawnkarim shyawnkarim modified the milestones: backlog, Release 1.13.0 Oct 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
Release 1.13.0
Development

No branches or pull requests
2 participants
@shyawnkarim @vishalsparmar