
add input var s3_object_ownership #63

Closed
wants to merge 5 commits into from

Conversation

bcarranza

@bcarranza bcarranza commented Jun 24, 2022

what

  • Upgrade to version = "0.28.0" of the s3-log-storage to have the s3_object_ownership field available.
  • The s3_object_ownership field is exposed as an input variable for use by the user consuming the current module.

why

  • When you do not have an ACL, and you have only one account, you probably want to restrict access so that no other account has use of the S3 bucket.

references

  • This resolves the following prowler vulnerability when you set s3_object_ownership = "BucketOwnerEnforced":
    Result: PASS
    Severity: Medium
    AccountID: xxxxxxx
    Region: us-west-2
    Compliance: Software and Configuration Checks
    Service: s3
    CheckID: 7.172 [extra7172]
    Check Title: Check if S3 buckets have ACLs enabled
    Check Output: us-west-2: Bucket xxxxxx-s3-bucket has bucket ACLs enabled!
    CIS Level: Extra
    CAF Epic: Logging and Monitoring
    Risk: S3 ACLs are a legacy access control mechanism that predates IAM. IAM and bucket policies are currently the preferred methods.
    Remediation: Ensure that S3 ACLs are disabled (BucketOwnerEnforced). Use IAM policies and bucket policies to manage access.
    Docs: (empty)
    Resource ID: xxxxxx-s3-bucket
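As an added example (not code from this PR or from the s3-log-storage module), this is what exposing the variable and forwarding it to the module looks like in Terraform, with the legacy setting shown beside the hardened one. Only the version 0.28.0, the variable name and the value BucketOwnerEnforced come from the PR; the module source string, the default, and the validation block are assumptions.

```hcl
# Added example. Module source, default and validation block are assumptions;
# version 0.28.0 and the s3_object_ownership variable name come from the PR.

variable "s3_object_ownership" {
  type        = string
  description = <<-EOT
    Object ownership setting for the log bucket. "BucketOwnerEnforced" disables
    bucket and object ACLs entirely, so access is governed only by IAM and
    bucket policies, which is the remediation prowler check 7.172 asks for.
  EOT
  # Default chosen for this example: the single-account case described in the PR.
  default = "BucketOwnerEnforced"

  validation {
    # The three values S3 accepts for object ownership; reject anything else
    # at plan time instead of discovering it as an API error at apply time.
    condition     = contains(["BucketOwnerPreferred", "ObjectWriter", "BucketOwnerEnforced"], var.s3_object_ownership)
    error_message = "s3_object_ownership must be BucketOwnerPreferred, ObjectWriter or BucketOwnerEnforced."
  }
}

module "s3_log_storage" {
  # Assumed registry source for the s3-log-storage module referenced in the PR.
  source  = "cloudposse/s3-log-storage/aws"
  version = "0.28.0"

  # Legacy setting: ObjectWriter keeps ACLs enabled, so an object written by
  # another account remains owned by that account and the bucket owner may
  # not be able to read it without a bucket-owner-full-control ACL.
  # s3_object_ownership = "ObjectWriter"

  # Hardened setting: ACLs disabled, the bucket owner owns every object and
  # only IAM and bucket policies decide who can access it.
  s3_object_ownership = var.s3_object_ownership
}
```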

@hans-d

hans-d commented Mar 2, 2024

@bcarranza hi, can you resolve the merge conflict?

@hans-d

hans-d commented Mar 2, 2024

/terratest


mergify bot commented Mar 8, 2024

This pull request is now in conflict. Could you fix it @bcarranza? 🙏

@hans-d hans-d added the stale This PR has gone stale label Mar 8, 2024
@mergify mergify bot added the conflict This PR has conflicts label Mar 9, 2024

mergify bot commented Mar 9, 2024

This PR has been closed due to inactivity and merge conflicts.
Please resolve the conflicts and reopen if necessary.

@mergify mergify bot closed this Mar 9, 2024

mergify bot commented Mar 9, 2024

Thanks @bcarranza for creating this pull request!

A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

While you wait, make sure to review our contributor guidelines.

Tip

Need help or want to ask for a PR review to be expedited?

Join us on Slack in the #pr-reviews channel.

@mergify mergify bot removed the conflict This PR has conflicts label Mar 9, 2024
@mergify mergify bot removed the stale This PR has gone stale label Mar 16, 2024
Successfully merging this pull request may close these issues.

New input variable s3_object_ownership