fix(s3): SSL enforcement doesn't apply on top level bucket requests (a…
…ws#13961)

Fixes aws#13760

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
saudkhanzada authored Apr 8, 2021
1 parent c6a6fde commit d0e831a
Showing 2 changed files with 25 additions and 14 deletions.
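--- a/packages/@aws-cdk/aws-s3/lib/bucket.ts
+++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts
@@ -1502,7 +1502,10 @@ export class Bucket extends BucketBase {
 Bool: { 'aws:SecureTransport': 'false' },
 },
 effect: iam.Effect.DENY,
-resources: [this.arnForObjects('*')],
+resources: [
+this.bucketArn,
+this.arnForObjects('*'),
+],
 principals: [new iam.AnyPrincipal()],
 });
 this.addToResourcePolicy(statement);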
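Review bot: The widened `resources` list in the deny-on-insecure-transport statement has no comment saying why both ARNs are needed, so a later cleanup could drop `this.bucketArn` and silently let bucket-level requests over plain HTTP through again. I would add above the array: `// bucket ARN matches bucket-level requests (e.g. s3:ListBucket); arnForObjects('*') matches object requests — both are required`. The statement's `actions` and the enclosing method start outside the hunk, so whether the denied action set actually includes bucket-level actions cannot be confirmed from here and is worth checking alongside this change. Stacks that already use this option will presumably see a bucket-policy update on their next deploy, which deserves a line in the release notes.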
34 changes: 21 additions & 13 deletions packages/@aws-cdk/aws-s3/test/bucket.test.ts
Expand Up @@ -307,20 +307,28 @@ describe('bucket', () => {
},
'Effect': 'Deny',
'Principal': '*',
'Resource': {
'Fn::Join': [
'',
[
{
'Fn::GetAtt': [
'MyBucketF68F3FF0',
'Arn',
],
},
'/*',
'Resource': [
{
'Fn::GetAtt': [
'MyBucketF68F3FF0',
'Arn',
],
],
},
},
{
'Fn::Join': [
'',
[
{
'Fn::GetAtt': [
'MyBucketF68F3FF0',
'Arn',
],
},
'/*',
],
],
},
],
},
],
'Version': '2012-10-17',
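Review bot: The expected `'Resource'` array pins the bucket ARN first and the `'/*'` join second, although a policy evaluates the resource list as a set, so this expectation would fail on a harmless reordering in `bucket.ts`. The matcher and the rest of the expected statement begin outside the hunk; if it is an exact template comparison, a short comment such as `// both entries are required: bucket ARN for bucket-level requests, '/*' for objects; order is incidental` would tell the next reader which part of the shape is security-relevant. From the visible lines, only the synthesized template is asserted, so a regression that removed one of the two entries would be caught here, which is the property worth keeping.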
