S3 HTTPS bucket policy requirements are now properly enforced. (#186)

* fix s3 https bucket policy requirements * Update templates/apiary-bucket-policy.json Co-authored-by: Scott Barnhart <[email protected]> Co-authored-by: rpoluri <[email protected]> Co-authored-by: Scott Barnhart <[email protected]>
ExpediaGroup · Mar 2, 2021 · eae54cf · eae54cf
1 parent 4d5b9b1
commit eae54cf
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [6.7.5] - 2021-03-01
+### Fixed
+- S3 HTTPS bucket policy requirements are now properly enforced.
+
 ## [6.7.4] - 2021-03-01
 ### Changed
 - Only publish S3 Create events to managed logs SQS queue.

diff --git a/templates/apiary-bucket-policy.json b/templates/apiary-bucket-policy.json
@@ -83,7 +83,10 @@
                 "AWS": "*"
             },
             "Action": "s3:*",
-            "Resource": "arn:aws:s3:::${bucket_name}",
+            "Resource": [
+                "arn:aws:s3:::${bucket_name}",
+                "arn:aws:s3:::${bucket_name}/*"
+            ],
             "Condition": {
                 "Bool": {
                     "aws:SecureTransport": "false"