JavaScript (v3): Photo Analyzer - Block non-SSL requests to bucket. (#…

…6874)
awsdocs · Sep 23, 2024 · 1311e5c · 1311e5c
1 parent 376c52a
commit 1311e5c
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/javascriptv3/example_code/cross-services/photo_analyzer/stack.yaml b/javascriptv3/example_code/cross-services/photo_analyzer/stack.yaml
@@ -26,6 +26,23 @@ Resources:
         Ref: bucketforimages293BECA3
       PolicyDocument:
         Statement:
+          - Action: s3:*
+            Condition:
+              Bool:
+                aws:SecureTransport: "false"
+            Effect: Deny
+            Principal:
+              AWS: "*"
+            Resource:
+              - Fn::GetAtt:
+                  - bucketforimages293BECA3
+                  - Arn
+              - Fn::Join:
+                  - ""
+                  - - Fn::GetAtt:
+                        - bucketforimages293BECA3
+                        - Arn
+                    - /*
           - Action:
               - s3:GetObject*
               - s3:GetBucket*