Enforce SecureTransport policy on AccessLogsBucket (#863)
PatMyron authored Oct 18, 2022
1 parent a7f7653 commit 990d58c
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions src/rpdk/core/data/managed-upload-infrastructure.yaml
@@ -63,6 +63,24 @@ Resources:
"aws:SecureTransport": "false"
Principal: "*"

AccessLogsBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref AccessLogsBucket
PolicyDocument:
Version: "2012-10-17"
Statement:
- Sid: Require Secure Transport
Action: "s3:*"
Effect: Deny
Resource:
- !Sub "arn:${AWS::Partition}:s3:::${AccessLogsBucket}"
- !Sub "arn:${AWS::Partition}:s3:::${AccessLogsBucket}/*"
Condition:
Bool:
"aws:SecureTransport": "false"
Principal: "*"

EncryptionKey:
Type: AWS::KMS::Key
DeletionPolicy: Retain
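
Review bot: AccessLogsBucketPolicy is declared without a DeletionPolicy, while the EncryptionKey directly after it carries `DeletionPolicy: Retain`. If AccessLogsBucket is also retained on stack deletion (its definition is outside this hunk), deleting the stack would remove this policy and leave the retained bucket without the `aws:SecureTransport` Deny. Consider adding `DeletionPolicy: Retain` to the policy so the enforcement lives as long as the bucket does. The commit also changes only this one template file, so a test asserting that the generated infrastructure includes a SecureTransport Deny for AccessLogsBucket would keep the statement from being dropped in a later edit.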