Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update: Enforce encryption of data in transit #28

Closed
hnishar opened this issue Jul 27, 2020 · 1 comment
Closed

Update: Enforce encryption of data in transit #28

hnishar opened this issue Jul 27, 2020 · 1 comment
Labels
enhancement New feature or request

Comments

@hnishar
Copy link
Contributor

hnishar commented Jul 27, 2020

Issue:

In addition to encryption of data at rest, AWS recommends to enforce encryption of data in transit for services like Amazon Amazon S3, Amazon SQS and Amazon SNS. Enhance the following patterns to apply this best practice of enforce encryption of data in transit:

  • aws-apigateway-sqs
  • aws-cloudfront-s3
  • aws-iot-kinesisfirehose-s3
  • aws-kinesisfirehose-s3
  • aws-kinesisfirehose-s3-and-kinesisanalytics
  • aws-lambda-s3
  • aws-lambda-sns
  • aws-lambda-sqs
  • aws-lambda-sqs-lambda
  • aws-s3-lambda
  • aws-s3-step-function
  • aws-sns-lambda
  • aws-sqs-lambda

Solution:

Apply the resource policy for S3 Bucket, SNS Topic or SQS Queue created by the constructs to allow only encrypted connections over HTTPS (TLS) using the aws:SecureTransport condition in the resource policy.

Best practices documentation:

Amazon S3: https://docs.aws.amazon.com/AmazonS3/latest/dev/security-best-practices.html
Amazon SNS: https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit
Amazon SQS: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-security-best-practices.html#ensure-queues-not-publicly-accessible
@hnishar hnishar added enhancement New feature or request in-progress This issue is being actively worked on labels Jul 27, 2020
@hnishar
Copy link
Contributor Author

hnishar commented Jul 31, 2020

Implemented in the latest release v1.54.0

@hnishar hnishar closed this as completed Jul 31, 2020
@hnishar hnishar removed the in-progress This issue is being actively worked on label Jul 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hnishar