RiotGames / key-conjurer

Temporary Credential Service
https://technology.riotgames.com/news/key-conjurer-our-policy-least-privilege
Apache License 2.0

Frontend S3 encryption #14

Closed aqche closed 5 years ago

aqche commented 5 years ago

Adds some additional security best practices for the frontend S3 bucket. :)

  1. Enables server side encryption at rest
  2. Enforces SSL for encryption in transit

rnikoopour commented 5 years ago

Hey @aqche, could you please remove the SSL for transit block from this PR?

I've submitted a PR (#15) to remove the website hosting of the bucket. Since CloudFront is the entry point, it's not needed.

We enforce HTTPS on the CloudFront endpoint: viewer_protocol_policy = "redirect-to-https"

aqche commented 5 years ago

@rnikoopour Sounds good! I've removed the policy statement and resolved merge conflicts.
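
The two bucket-level controls named in this thread, written out as an added Terraform example (not the PR's own code, which is not shown on this page). The resource names, the bucket name and the choice of SSE-S3 (AES256) are assumptions; the split-resource syntax is that of AWS provider v4 and later.

```hcl
# Added example. Resource and bucket names are hypothetical placeholders.
resource "aws_s3_bucket" "frontend" {
  bucket = "example-frontend-bucket"
}

# 1. Encryption at rest: default server-side encryption for new objects.
#    AES256 (SSE-S3) is an assumption; the thread does not name the algorithm.
resource "aws_s3_bucket_server_side_encryption_configuration" "frontend" {
  bucket = aws_s3_bucket.frontend.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# 2. Encryption in transit: deny every S3 request that did not arrive over TLS.
#    This is the kind of statement the reviewer asked to drop, because viewers
#    only reach the content through CloudFront with redirect-to-https.
data "aws_iam_policy_document" "deny_insecure_transport" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.frontend.arn,
      "${aws_s3_bucket.frontend.arn}/*",
    ]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "frontend" {
  bucket = aws_s3_bucket.frontend.id
  policy = data.aws_iam_policy_document.deny_insecure_transport.json
}
```

Note that viewer_protocol_policy governs only the viewer-to-CloudFront connection; the deny statement above is what covers requests made directly against the bucket.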