updated the s3 bucket policies to comply with s3-bucket-ssl-requests-only rule

Niris Okram · Niris Okram · commit 73392bfc4948 · 2021-02-10T10:49:20.000-06:00
diff --git a/govcloud/README.md b/govcloud/README.md
@@ -67,6 +67,21 @@ _Note: You can customize this implementation to work with linked accounts as wel
 							"aws:PrincipalOrgID": "<REPLACE WITH YOUR AWS ORGANIZATION ID>"
 						}
 					}
+				},
+				{
+					"Sid": "AllowSSLRequestsOnly",
+					"Effect": "Deny",
+					"Principal": "*",
+					"Action": "s3:*",
+					"Resource": [
+						"arn:aws:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>",
+						"arn:aws:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>/*"
+					],
+					"Condition": {
+						"Bool": {
+							aws:SecureTransport: false
+						}
+					}					
 				}
 			]
 		}
@@ -119,6 +134,21 @@ _Note: You can customize this implementation to work with linked accounts as wel
 							"aws:PrincipalOrgID": "<REPLACE WITH YOUR AWS ORGANIZATION ID>"
 						}
 					}
+				},
+				{
+					"Sid": "AllowSSLRequestsOnly",
+					"Effect": "Deny",
+					"Principal": "*",
+					"Action": "s3:*",
+					"Resource": [
+						"arn:aws-us-gov:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>",
+						"arn:aws-us-gov:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>/*"
+					],
+					"Condition": {
+						"Bool": {
+							aws:SecureTransport: false
+						}
+					}					
 				}
 			]
 		}

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,21 @@ _Note: You can customize this implementation to work with linked accounts as wel`
`67`	`67`	`"aws:PrincipalOrgID": "<REPLACE WITH YOUR AWS ORGANIZATION ID>"`
`68`	`68`	`}`
`69`	`69`	`}`
	`70`	`+ },`
	`71`	`+ {`
	`72`	`+ "Sid": "AllowSSLRequestsOnly",`
	`73`	`+ "Effect": "Deny",`
	`74`	`+ "Principal": "*",`
	`75`	`+ "Action": "s3:*",`
	`76`	`+ "Resource": [`
	`77`	`+ "arn:aws:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>",`
	`78`	`+ "arn:aws:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>/*"`
	`79`	`+ ],`
	`80`	`+ "Condition": {`
	`81`	`+ "Bool": {`
	`82`	`+ aws:SecureTransport: false`
	`83`	`+ }`
	`84`	`+ }`
`70`	`85`	`}`
`71`	`86`	`]`
`72`	`87`	`}`
`@@ -119,6 +134,21 @@ _Note: You can customize this implementation to work with linked accounts as wel`
`119`	`134`	`"aws:PrincipalOrgID": "<REPLACE WITH YOUR AWS ORGANIZATION ID>"`
`120`	`135`	`}`
`121`	`136`	`}`
	`137`	`+ },`
	`138`	`+ {`
	`139`	`+ "Sid": "AllowSSLRequestsOnly",`
	`140`	`+ "Effect": "Deny",`
	`141`	`+ "Principal": "*",`
	`142`	`+ "Action": "s3:*",`
	`143`	`+ "Resource": [`
	`144`	`+ "arn:aws-us-gov:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>",`
	`145`	`+ "arn:aws-us-gov:s3:::<REPLACE WITH YOUR AMAZON S3 BUCKET NAME>/*"`
	`146`	`+ ],`
	`147`	`+ "Condition": {`
	`148`	`+ "Bool": {`
	`149`	`+ aws:SecureTransport: false`
	`150`	`+ }`
	`151`	`+ }`
`122`	`152`	`}`
`123`	`153`	`]`
`124`	`154`	`}`