Skip to content

Commit

Permalink
PLA-45823 - Updated remediation job to restrict unsecured HTTP reques…
Browse files Browse the repository at this point in the history
…ts for S3 Bucket (#131)
  • Loading branch information
kshrutik authored Dec 5, 2022
1 parent 52daae6 commit f5d0266
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ def remediate(self, client, cloud_account_id, bucket_name):
"Sid": "Restrict Non-https Requests",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Action": "s3:*",
"Resource": f"arn:aws:s3:::{bucket_name}/*",
"Condition": {"Bool": {"aws:SecureTransport": "false"}},
}
Expand Down
2 changes: 1 addition & 1 deletion test/unit/test_aws_s3_bucket_policy_allow_https.py
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ def test_remediate_success(self):
"Sid": "Restrict Non-https Requests",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket_name/*",
"Condition": {"Bool": {"aws:SecureTransport": "false"}},
},
Expand Down

0 comments on commit f5d0266

Please sign in to comment.