add ssl enforcement policy
ashle001 committed Sep 24, 2020
1 parent 873e16c commit 61bc94d
Showing 1 changed file with 12 additions and 0 deletions.
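--- a/main.tf
+++ b/main.tf
@@ -97,6 +97,18 @@ data "aws_iam_policy_document" "this" {
 values = ["true"]
 }
 }
+statement {
+sid = "enforceSSL"
+effe = "Deny"
+principals = "*",
+actions = "s3:*",
+resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]
+condition {
+test = "Bool"
+variable = "aws:SecureTransport"
+values = ["false"]
+}
+}
 }
 
 #---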
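Review bot: The new `enforceSSL` statement is not valid for `aws_iam_policy_document` as written, so the TLS-only deny would not take effect: `effe` is a misspelling of `effect`, `principals` is a nested block rather than a string attribute, `actions` takes a list, and the trailing commas after `principals` and `actions` are not HCL attribute syntax. Terraform should reject the unknown `effe` argument at plan time, but it matters beyond the parse error because the data source's default effect is `Allow`, which on this statement would be the opposite of the intent. After fixing, confirm in the plan's rendered JSON that the statement carries `"Effect": "Deny"` together with the `aws:SecureTransport` = `false` condition. The enclosing `data "aws_iam_policy_document" "this"` block starts outside the hunk.

```hcl
statement {
  sid    = "enforceSSL"
  effect = "Deny"

  principals {
    type        = "*"
    identifiers = ["*"]
  }

  actions = ["s3:*"]
  # … unchanged: resources and the aws:SecureTransport condition …
}
```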
