From eae54cf4c7372399c2f164b4ee7c9d0242619914 Mon Sep 17 00:00:00 2001
From: Ken Figueiredo
Date: Tue, 2 Mar 2021 15:00:48 -0500
Subject: [PATCH] S3 HTTPS bucket policy requirements are now properly enforced. (#186)
* fix s3 https bucket policy requirements
* Update templates/apiary-bucket-policy.json
Co-authored-by: Scott Barnhart
Co-authored-by: rpoluri <38321430+rpoluri@users.noreply.github.com>
Co-authored-by: Scott Barnhart
---
 CHANGELOG.md | 4 ++++
 templates/apiary-bucket-policy.json | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ce807ef..fc8ebb1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+## [6.7.5] - 2021-03-01
+### Fixed
+- S3 HTTPS bucket policy requirements are now properly enforced.
+
 ## [6.7.4] - 2021-03-01
 ### Changed
 - Only publish S3 Create events to managed logs SQS queue.
diff --git a/templates/apiary-bucket-policy.json b/templates/apiary-bucket-policy.json
index 12bf2ea..20ea9e8 100644
--- a/templates/apiary-bucket-policy.json
+++ b/templates/apiary-bucket-policy.json
@@ -83,7 +83,10 @@
 "AWS": "*"
 },
 "Action": "s3:*",
- "Resource": "arn:aws:s3:::${bucket_name}",
+ "Resource": [
+ "arn:aws:s3:::${bucket_name}",
+ "arn:aws:s3:::${bucket_name}/*"
+ ],
 "Condition": {
 "Bool": {
 "aws:SecureTransport": "false"
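Review bot: Other statements in this template may carry the same bucket-only `Resource` that this hunk fixes for the `aws:SecureTransport` statement; the hunk starts at line 83 and the statement begins and ends outside it, so earlier statements and this statement's `Effect` and `Sid` are not visible and should be checked in the same pass. Before the change the `"aws:SecureTransport": "false"` condition was attached only to `arn:aws:s3:::${bucket_name}`, which object-level requests do not match, so object reads and writes over plain HTTP were not covered by this statement. It would be worth reviewing S3 server access logs or CloudTrail data events for non-TLS object requests during that window, and adding a check that a plain-HTTP object request against a bucket with the rendered policy is refused.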