data/aws/bootstrap: Block public ACLs, etc. for the S3 bucket #1203
The bucket is already private [1], but when browsing S3 in the AWS web console today (e.g. [2]), I noticed these buckets had public access settings described as:

- Manage public access control lists (ACLs)
  - Block new public ACLs and uploading public objects (Recommended): False
  - Remove public access granted through public ACLs (Recommended): False
- Manage public bucket policies
  - Block new public bucket policies (Recommended): False
  - Block public and cross-account access if bucket has public policies (Recommended): False

and the overview tab [3] had Access warnings like "Objects can be public". We might as well shut all of that down, by using this access-block resource [4].

[1]: https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#acl
[2]: https://s3.console.aws.amazon.com/s3/buckets/terraform-20190206183528155600000001/?region=us-east-1&tab=permissions
[3]: https://s3.console.aws.amazon.com/s3/home?region=us-east-1
[4]: https://www.terraform.io/docs/providers/aws/r/s3_bucket_public_access_block.html
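The access-block resource [4] named in the description above, written out as an added example (not the PR's actual diff, which this page does not show). Resource names are hypothetical, and the comments map each argument to the console label quoted in the description.

```hcl
# Hypothetical resource names; this bucket block stands in for the existing
# bootstrap bucket, whose definition is not shown on this page.
resource "aws_s3_bucket" "example_bootstrap" {
  # Private canned ACL, as in reference [1]. Newer AWS provider releases
  # manage ACLs through a separate aws_s3_bucket_acl resource.
  acl = "private"
}

# Bucket-level public access block: one argument per console setting.
resource "aws_s3_bucket_public_access_block" "example_bootstrap" {
  bucket = aws_s3_bucket.example_bootstrap.id

  # Console: "Block new public ACLs and uploading public objects"
  block_public_acls = true

  # Console: "Remove public access granted through public ACLs"
  ignore_public_acls = true

  # Console: "Block new public bucket policies"
  block_public_policy = true

  # Console: "Block public and cross-account access if bucket has public policies"
  restrict_public_buckets = true
}
```

All four arguments default to `false` in the provider, which corresponds to the four `False` values listed in the description.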
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wking
CC @cuppett
I guess I need to bump our provider.
Since there is no implicit dependency between
Closing due to inactivity. Please reopen if needed. /close
@abhinavdahiya: Closed this PR. In response to this:
#1442 brought in
Dunno about that, but it seems to be pretty common at 32% of all upgrade failures: /test e2e-aws-upgrade
@wking: The following tests failed, say
Closing due to this being open for a long time. Please feel free to reopen. /close
@abhinavdahiya: Closed this PR. In response to this: