Enforce storage secure access

Details

Metadash will update the storage policy to disallow access unless secured by SSL. This will prevent potential attackers from intercepting or manipulating traffic to the storage resource.

Changes

Metadash will use the AWS SDK to update the following properties for the hooli-east-logs storage resource:

Property	Before	After
Policy	No existing policy	`{"Version":"2012-10-17","Statement":[{"Principal":{"AWS":""},"Action":["s3:"],"Resource":["arn:aws:s3:::hooli-east-logs/*","arn:aws:s3:::hooli-east-logs"],"Effect":"Deny","Condition":{"Bool":{"aws:SecureTransport":"false"}}}]}`

References

Amazon S3 › Security › Security best practices for Amazon S3
Amazon S3 › Security › Managing access based on HTTP or HTTPS requests

Subject

hooli-east-logs

Issue

Storage allows insecure access

Estimates

Time

1 minute

Cost

$0.00

hooli-west-logs

hooli-east-db-main

hooli-east-logs

hooli-terraform

hooli-west-docs

hooli-west-db-main

hooli-west-db-warehouse

hooli-east-db-warehouse

hooli-east-docs

hooli-west-web

hooli-east-web

hooli-west-worker

hooli-east-worker

default_elb_98dacdfe-ee3d-3d9a-bc26-dc67035eeb2a

sg_2

sg_1

elb-1

subnet-00654de6240e77c5d

elb-1

subnet-05ca8c3d3433f01b9

sg_1

sg_2

sg_3

vpc-049f1e8183c92c43b

subnet-005b74680281b290c

subnet-0dae79e86a6ad01b1

subnet-07379bee5d35011bd

default

default_elb_f2aaf53c-0cca-3579-83ca-ea2d1ad606f0

vpc-0ff84d9e06eb88b31

subnet-013cf5230c5af5985

subnet-019b1ff3603480ca7

subnet-02ea5da7fe754a76a

subnet-05690443d5dcdc403

subnet-083ec4646db383daf