Closed aldegoeij closed 1 year ago
Issue #, if available: The S3 Bucket created by the stack for WAF Logs for the HTTP Flood Parser and the Athena result sets is not encrypted by default.
See: #109 (https://github.com/awslabs/aws-waf-security-automations/issues/109)
Description of changes: Added S3 Bucket BucketEncryption property to the WafLogBucket resource.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Thank you for contributing to this solution. We will review the PR and plan to incorporate it as part of a future release.
@knihit why was this not incorporated in v2.3.1 release?
Hi @aldegoeij - the new release has the following bucket configuration. It includes bucket encryption and PublicAccessBlockConfiguration.
```yaml
WafLogBucket:
  Type: 'AWS::S3::Bucket'
  Condition: HttpFloodProtectionLogParserActivated
  DependsOn: CheckRequirements
  DeletionPolicy: Retain
  Properties:
    AccessControl: Private
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
    PublicAccessBlockConfiguration:
      BlockPublicAcls: true
      BlockPublicPolicy: true
      IgnorePublicAcls: true
      RestrictPublicBuckets: true
```
Close the old PR as it doesn't apply to the latest version.
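The check below is an added example, not code from this PR or from the aws-waf-security-automations project: it audits a CloudFormation template, already parsed into a dict (for instance from its JSON form), for S3 buckets that lack the default encryption and public access block settings shown in the `WafLogBucket` snippet above. The function names and the `ExampleUnencryptedBucket` resource are hypothetical, and the sample template is constructed.

```python
# Added example: static audit of AWS::S3::Bucket resources in a parsed template.
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")
SSE_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}

def bucket_findings(props):
    """Return a list of problems for one AWS::S3::Bucket Properties dict."""
    findings = []
    rules = (props.get("BucketEncryption", {})
                  .get("ServerSideEncryptionConfiguration", []))
    algos = [r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules if isinstance(r, dict)]
    if not algos:
        findings.append("no default encryption (BucketEncryption missing)")
    elif any(a not in SSE_ALGORITHMS for a in algos):
        findings.append("unrecognised SSEAlgorithm: %r" % algos)
    pab = props.get("PublicAccessBlockConfiguration", {})
    # CloudFormation accepts booleans or the strings "true"/"false".
    off = [f for f in PAB_FLAGS if str(pab.get(f, "")).lower() != "true"]
    if off:
        findings.append("public access block not set: " + ", ".join(off))
    return findings

def audit_template(template):
    """Map logical ID -> findings for every S3 bucket that has any."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        findings = bucket_findings(res.get("Properties") or {})
        if findings:
            report[logical_id] = findings
    return report

# Constructed sample input: the bucket as posted above plus a pre-fix shape.
SAMPLE_TEMPLATE = {"Resources": {
    "WafLogBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "AccessControl": "Private",
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
        "PublicAccessBlockConfiguration": {f: True for f in PAB_FLAGS}}},
    # Hypothetical resource: no encryption, only one public-access flag set.
    "ExampleUnencryptedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": "true"}}},
}}

if __name__ == "__main__":
    for name, problems in audit_template(SAMPLE_TEMPLATE).items():
        print(name, problems)
```

A bucket whose `BucketEncryption` is wrapped in an intrinsic function such as `Fn::If` is reported as missing encryption, so such findings need a manual look.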