Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S3 Bucket for Zappa is not encrypted by default. #1792

Open
dci-aloughran opened this issue Feb 28, 2019 · 2 comments
Open

S3 Bucket for Zappa is not encrypted by default. #1792

dci-aloughran opened this issue Feb 28, 2019 · 2 comments

Comments

@dci-aloughran
Copy link

The S3 bucket used to host the zappa files is not encrypted. S3 has recently been updated to allow default server-side encryption.

Context

The ability to set S3 bucket to be encrypted by default adds a subtle but additional layer of security to your S3 buckets.

Expected Behavior

S3 bucket should be created with default encryption turned on to AES256.

Actual Behavior

S3 bucket is created with no encryption.

Possible Fix

I've added the code that sets the default encryption on the bucket to SSE AES256.

Steps to Reproduce

  1. Create a new Zappa app using this code.
  2. Create a new test project
  3. See that the bucket is now set with "Default Encryption" on, in the Bucket Properties.
@dci-aloughran dci-aloughran mentioned this issue Feb 28, 2019
Draft
@elcolie
Copy link

elcolie commented Mar 24, 2020

I propose input argument like awscli like --sse to do the job
Because not all people really need default encryption

image (2)

StevePorter92 added a commit to StevePorter92/Zappa that referenced this issue Mar 26, 2020
@StevePorter92
Add S3 upload arguments
6e6d9a3 
This allows the use of upload arguments to be passed through to the S3
client.

This will enable server side encryption on S3 buckets.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/customizations/s3.html#boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS

For Miserlou#1792
StevePorter92 added a commit to StevePorter92/Zappa that referenced this issue Mar 26, 2020
@StevePorter92
Add S3 upload arguments
536f165 
This allows the use of upload arguments to be passed through to the S3
client.

This will enable server side encryption on S3 buckets.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/customizations/s3.html#boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS

For Miserlou#1792
StevePorter92 added a commit to StevePorter92/Zappa that referenced this issue Mar 26, 2020
@StevePorter92
Add S3 upload arguments
e3e7f88 
This allows the use of upload arguments to be passed through to the S3
client.

This will enable server side encryption on S3 buckets.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/customizations/s3.html#boto3.s3.transfer.S3Transfer.ALLOWED_UPLOAD_ARGS

For Miserlou#1792
@StevePorter92 StevePorter92 mentioned this issue Mar 26, 2020
Open
@cyrillay
Copy link

cyrillay commented Dec 2, 2020

Same issue here. Currently we have to add the bucket encryption manually after if was created by Zappa. We'd like Zappa to create the bucket with encryption, either by default or with a configuration in zappa_settings.json.

This was referenced Feb 20, 2021
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@elcolie @dci-aloughran @cyrillay