Bucket "ServerlessDeploymentBucket" doesn't have a BucketPolicy forbidding unsecure HTTP access but it does. #6

Open
KerberosMorphy opened this issue Aug 28, 2020 · 1 comment
Labels
bug Something isn't working good first issue Good for newcomers help wanted Extra attention is needed

@KerberosMorphy

Hi, this is related to an issue I opened on serverless/serverless/issues/8076.

It seems that safeguards doesn't accept the Framework policy generated for the deployment bucket even if it did forbid unsecure HTTP access.

Warned - Bucket "ServerlessDeploymentBucket" doesn't have a BucketPolicy forbidding unsecure HTTP access.

The Framework creates such a policy, but internally the resource is referenced via:

{
  "Fn::Join": [
    "",
    [
      "arn:",
      {
        "Ref": "AWS::Partition"
      },
      ":s3:::",
      {
        "Ref": "ServerlessDeploymentBucket"
      },
      "/*"
    ]
  ]
}

While the plugin strictly expects:

{
  "Fn::Join": [
    "",
    [
      "arn:aws:s3:::",
      {
        "Ref": "ServerlessDeploymentBucket"
      },
      "/*"
    ]
  ]
}

And due to that, it doesn't recognize the policy and raises a warning.

Let me know if you need more information.
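One way a check could accept both resource forms shown above, as an added example that is not part of the original issue or the plugin's own code. The helper names `renderJoin` and `targetsBucketObjects` are hypothetical, and the loose literal-partition pattern (`aws` plus optional suffixes such as `-cn` or `-us-gov`) is an assumption.

```javascript
// Added example: hypothetical helpers, not the plugin's actual implementation.

// Flatten an Fn::Join with an empty delimiter into one string, rendering each
// { Ref: X } as the token "<Ref:X>". Returns null for any other shape.
function renderJoin(resource) {
  const join = resource && resource['Fn::Join'];
  if (!Array.isArray(join) || join.length !== 2) return null;
  if (join[0] !== '' || !Array.isArray(join[1])) return null;
  let out = '';
  for (const part of join[1]) {
    if (typeof part === 'string') {
      // A literal must not be able to imitate a rendered Ref token.
      if (/[<>]/.test(part)) return null;
      out += part;
    } else if (part && typeof part.Ref === 'string' && Object.keys(part).length === 1) {
      out += `<Ref:${part.Ref}>`;
    } else {
      return null; // Fn::GetAtt, Fn::Sub, nested joins: not handled here
    }
  }
  return out;
}

// True when the resource is "arn:<partition>:s3:::<bucket>/*" for the given
// logical ID, with the partition either a literal (assumed pattern) or a
// Ref to the AWS::Partition pseudo parameter.
function targetsBucketObjects(resource, bucketLogicalId) {
  const rendered = renderJoin(resource);
  if (rendered === null) return false;
  const m = /^arn:(?:<Ref:AWS::Partition>|aws(?:-[a-z]+)*):s3:::(.*)$/.exec(rendered);
  return m !== null && m[1] === `<Ref:${bucketLogicalId}>/*`;
}

// The two shapes from the issue, plus constructed negative cases.
const bucket = { Ref: 'ServerlessDeploymentBucket' };
const frameworkForm = { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':s3:::', bucket, '/*']] };
const expectedForm = { 'Fn::Join': ['', ['arn:aws:s3:::', bucket, '/*']] };
const otherBucket = { 'Fn::Join': ['', ['arn:aws:s3:::', { Ref: 'SomeOtherBucket' }, '/*']] };
const wrongService = { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':sqs:::', bucket, '/*']] };

function demo() {
  return [frameworkForm, expectedForm, otherBucket, wrongService]
    .map((r) => targetsBucketObjects(r, 'ServerlessDeploymentBucket'));
}
console.log(demo()); // [ true, true, false, false ]
```

Comparing the rendered ARN rather than the literal `Fn::Join` array keeps the check strict about service, bucket and `/*` suffix while tolerating how the partition is expressed.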

@medikoo
Contributor

medikoo commented Aug 31, 2020

@KerberosMorphy thanks for reporting. It's definitely a bug that's worth fixing. We welcome a PR that addresses that.
