The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
Essentially it's downloading the scripts from the bucket (which I assume is maintained by you guys?)
The problem is that there's no way to verify that the zip file is not tampered.
Describe the feature you'd like
Would be nice to either pin down the S3 version of the zip file (which requires to use s3api command) or to check the downloaded file checksum.
Is your feature request related to a problem? Please describe. Looking at the logs, I can see:
Essentially it's downloading the scripts from the bucket (which I assume is maintained by you guys?) The problem is that there's no way to verify that the zip file is not tampered.
Describe the feature you'd like Would be nice to either pin down the S3 version of the zip file (which requires to use
s3api
command) or to check the downloaded file checksum.Additional context N/A