diff --git a/e2e/multi-pipeline/s3template.yml b/e2e/multi-pipeline/s3template.yml
index ea42a00fe59..1d4a74ac94d 100644
--- a/e2e/multi-pipeline/s3template.yml
+++ b/e2e/multi-pipeline/s3template.yml
@@ -22,6 +22,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 e2epipelineaddonBucketPolicy:
 Metadata:
diff --git a/internal/pkg/addon/testdata/merge/env/second.yaml b/internal/pkg/addon/testdata/merge/env/second.yaml
index 470722a4eef..07c30a5cd44 100644
--- a/internal/pkg/addon/testdata/merge/env/second.yaml
+++ b/internal/pkg/addon/testdata/merge/env/second.yaml
@@ -76,6 +76,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 MyBucketAccessPolicy:
 Type: AWS::IAM::ManagedPolicy
diff --git a/internal/pkg/addon/testdata/merge/env/wanted.yaml b/internal/pkg/addon/testdata/merge/env/wanted.yaml
index a4e6e4be4b8..fa4c17e747c 100644
--- a/internal/pkg/addon/testdata/merge/env/wanted.yaml
+++ b/internal/pkg/addon/testdata/merge/env/wanted.yaml
@@ -106,6 +106,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 MyBucketAccessPolicy:
 Type: AWS::IAM::ManagedPolicy
 Properties:
diff --git a/internal/pkg/addon/testdata/merge/second.yaml b/internal/pkg/addon/testdata/merge/second.yaml
index 21562b0ea9e..3be18d34b3b 100644
--- a/internal/pkg/addon/testdata/merge/second.yaml
+++ b/internal/pkg/addon/testdata/merge/second.yaml
@@ -79,6 +79,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 MyBucketAccessPolicy:
 Type: AWS::IAM::ManagedPolicy
diff --git a/internal/pkg/addon/testdata/merge/wanted.yaml b/internal/pkg/addon/testdata/merge/wanted.yaml
index 0273c8208fd..8bce79b46b5 100644
--- a/internal/pkg/addon/testdata/merge/wanted.yaml
+++ b/internal/pkg/addon/testdata/merge/wanted.yaml
@@ -109,6 +109,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 MyBucketAccessPolicy:
 Type: AWS::IAM::ManagedPolicy
 Properties:
diff --git a/internal/pkg/addon/testdata/storage/bucket.yml b/internal/pkg/addon/testdata/storage/bucket.yml
index 0a2cacbd882..c55a242772d 100644
--- a/internal/pkg/addon/testdata/storage/bucket.yml
+++ b/internal/pkg/addon/testdata/storage/bucket.yml
@@ -22,6 +22,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 OwnershipControls:
 Rules:
 - ObjectOwnership: BucketOwnerEnforced
diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml
index cc634b0fc84..a22aa50e8a0 100644
--- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml
+++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml
@@ -720,6 +720,11 @@ Resources:
 ServerSideEncryptionConfiguration:
 - ServerSideEncryptionByDefault:
 SSEAlgorithm: AES256
+ PublicAccessBlockConfiguration:
+ BlockPublicAcls: true
+ BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 ELBAccessLogsBucketPolicy:
 Type: AWS::S3::BucketPolicy
 Condition: CreateALB
diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/workloads/static-site.stack.yml b/internal/pkg/deploy/cloudformation/stack/testdata/workloads/static-site.stack.yml
index 13b9158fffd..5d5a54a6fee 100644
--- a/internal/pkg/deploy/cloudformation/stack/testdata/workloads/static-site.stack.yml
+++ b/internal/pkg/deploy/cloudformation/stack/testdata/workloads/static-site.stack.yml
@@ -35,6 +35,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 OwnershipControls:
 Rules:
 - ObjectOwnership: BucketOwnerEnforced
diff --git a/internal/pkg/template/templates/addons/s3/cf.yml b/internal/pkg/template/templates/addons/s3/cf.yml
index db708d9b2c9..def196b6728 100644
--- a/internal/pkg/template/templates/addons/s3/cf.yml
+++ b/internal/pkg/template/templates/addons/s3/cf.yml
@@ -22,6 +22,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 OwnershipControls:
 Rules:
 - ObjectOwnership: BucketOwnerEnforced
diff --git a/internal/pkg/template/templates/addons/s3/env/cf.yml b/internal/pkg/template/templates/addons/s3/env/cf.yml
index 2ca8033148f..f0773c9d953 100644
--- a/internal/pkg/template/templates/addons/s3/env/cf.yml
+++ b/internal/pkg/template/templates/addons/s3/env/cf.yml
@@ -20,6 +20,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 OwnershipControls:
 Rules:
 - ObjectOwnership: BucketOwnerEnforced
diff --git a/internal/pkg/template/templates/app/cf.yml b/internal/pkg/template/templates/app/cf.yml
index fd7ed905292..7de62f20964 100644
--- a/internal/pkg/template/templates/app/cf.yml
+++ b/internal/pkg/template/templates/app/cf.yml
@@ -90,6 +90,11 @@ Resources:
 ServerSideEncryptionConfiguration:
 - ServerSideEncryptionByDefault:
 SSEAlgorithm: AES256
+ PublicAccessBlockConfiguration:
+ BlockPublicAcls: true
+ BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 OwnershipControls:
 Rules:
 - ObjectOwnership: BucketOwnerEnforced
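Review bot: In the `internal/pkg/template/templates/app/cf.yml` hunk the whole `PublicAccessBlockConfiguration` block is new for that bucket resource, so `BlockPublicPolicy: true` now governs whatever bucket policy the template attaches to it outside this hunk; if any statement there grants to `Principal: "*"` (or `AWS: "*"`) without a condition S3 treats as restricting, the policy PUT is rejected with AccessDenied and the stack create/update fails, rather than the bucket quietly becoming private. The same applies to the two other hunks that introduce the block from scratch, `task/cf.yml` and `environment/partials/elb-access-logs.yml`, whose bucket policies are likewise outside the diff. Principals named by account or role ARN and service principals (the ELB log-delivery principal for the access-logs bucket) are not classed as public, so those policies should pass, but that is inferred from the resource names, not visible here, and `RestrictPublicBuckets: true` would also cut off cross-account reads from a bucket whose policy is classed public, which matters if the app bucket is shared across accounts. A one-line comment above each new block, `# Block public ACLs and public bucket policies; grants on this bucket must name explicit account, role or service principals`, would record the constraint for whoever next edits those policies.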
diff --git a/internal/pkg/template/templates/environment/partials/elb-access-logs.yml b/internal/pkg/template/templates/environment/partials/elb-access-logs.yml
index f864f3c41bc..c542108a7d6 100644
--- a/internal/pkg/template/templates/environment/partials/elb-access-logs.yml
+++ b/internal/pkg/template/templates/environment/partials/elb-access-logs.yml
@@ -37,4 +37,9 @@ ELBAccessLogsBucket:
 BucketEncryption:
 ServerSideEncryptionConfiguration:
 - ServerSideEncryptionByDefault:
- SSEAlgorithm: AES256
\ No newline at end of file
+ SSEAlgorithm: AES256
+ PublicAccessBlockConfiguration:
+ BlockPublicAcls: true
+ BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
\ No newline at end of file
diff --git a/internal/pkg/template/templates/task/cf.yml b/internal/pkg/template/templates/task/cf.yml
index 129722c867d..51465528d53 100644
--- a/internal/pkg/template/templates/task/cf.yml
+++ b/internal/pkg/template/templates/task/cf.yml
@@ -273,6 +273,11 @@ Resources:
 ServerSideEncryptionConfiguration:
 - ServerSideEncryptionByDefault:
 SSEAlgorithm: AES256
+ PublicAccessBlockConfiguration:
+ BlockPublicAcls: true
+ BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 LifecycleConfiguration:
 Rules:
 # .env files are only needed on the initial RunTask call and are not needed after that.
diff --git a/internal/pkg/template/templates/workloads/services/static-site/cf.yml b/internal/pkg/template/templates/workloads/services/static-site/cf.yml
index 4c79bdf3302..ce8e836c7b2 100644
--- a/internal/pkg/template/templates/workloads/services/static-site/cf.yml
+++ b/internal/pkg/template/templates/workloads/services/static-site/cf.yml
@@ -47,6 +47,8 @@ Resources:
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
+ IgnorePublicAcls: true
+ RestrictPublicBuckets: true
 OwnershipControls:
 Rules:
 - ObjectOwnership: BucketOwnerEnforced
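Review bot: The last added line of the `elb-access-logs.yml` hunk, `+ RestrictPublicBuckets: true`, still carries `\ No newline at end of file`, so the partial keeps ending without a line terminator; since this file is spliced into the environment template, ending it with a newline is the safer choice, because any text the including template emits directly after it on the same line would be folded into the `RestrictPublicBuckets` scalar by the YAML parser instead of starting a new key. That is a pre-existing condition the commit carries forward rather than a new defect, and whether it can actually bite depends on how the include site is written, which is outside this diff. The `ELBAccessLogsBucket` resource this hunk extends starts above line 37, outside the hunk.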