Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removing policy attribute for S3 bucket #86

Merged
merged 3 commits into from
Apr 27, 2021
Merged

Removing policy attribute for S3 bucket #86

merged 3 commits into from
Apr 27, 2021

Conversation

justnom
Copy link
Contributor

@justnom justnom commented Apr 26, 2021

what

  • Fixing a bug where the bucket policy would flip-flop on Terraform apply if var.policy and any of var.allow_ssl_requests_only, var.allow_encrypted_uploads_only were set

why

  • The aws_s3_bucket.policy attribute was competing with the aws_s3_bucket_policy resource

@justnom
Removing policy attribute for S3 bucket
a084df9 
Fixing a bug where the bucket policy would flip-flop on Terraform apply if `var.policy` and any of `var.allow_ssl_requests_only`, `var.allow_encrypted_uploads_only` were set.
@justnom justnom requested review from a team as code owners April 26, 2021 16:48
@justnom justnom requested review from Gowiem and nitrocode April 26, 2021 16:48
bridgecrew[bot]
bridgecrew bot reviewed Apr 26, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bridgecrew has found 1 infrastructure configuration error in this PR ⬇️

main.tf
@@ -10,7 +10,6 @@ resource "aws_s3_bucket" "default" {
bucket = local.bucket_name
acl = try(length(var.grants), 0) == 0 ? var.acl : null
force_destroy = var.force_destroy
policy = var.policy
tags = module.this.tags
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error Description: Ensure all data stored in the S3 bucket is securely encrypted at rest
Category: Storage | Severity: HIGH
Resource: aws_s3_bucket [default], lines: 5 - 196

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't this already defined https://github.com/cloudposse/terraform-aws-s3-bucket/blob/master/main.tf#L99 ??

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bridcrew does not understand dynamics with enable variables

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add : BC_AWS_S3_14 to the bridgecrew comments on the top of the file

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done! Thanks @jamengual

jamengual
jamengual previously approved these changes Apr 26, 2021
View reviewed changes
@jamengual
Copy link
Contributor

/test all

@justnom
Copy link
Contributor Author

justnom commented Apr 26, 2021

/test all

1 similar comment
@joe-niland
Copy link
Member

/test all

@joe-niland joe-niland merged commit ccb6e1d into cloudposse:master Apr 27, 2021
@korenyoni korenyoni mentioned this pull request Jun 15, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridgecrew bridgecrew[bot] bridgecrew[bot] left review comments

@jamengual jamengual jamengual left review comments

@joe-niland joe-niland joe-niland approved these changes

@Gowiem Gowiem Awaiting requested review from Gowiem

@nitrocode nitrocode Awaiting requested review from nitrocode

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@justnom @jamengual @joe-niland @cloudpossebot