AWS perspective buckets fail security audit, getting numerous alarms

[gurreriamzn]

If your issue relates to the Discovery Process, please first follow the steps described in the implementation guide Debugging the Discovery Component

---

Describe the bug Deployment of resources that are not secured

To Reproduce Successfully deploy AWS Perspective

1. Go to arn:aws:s3:::aws-perspective--configbucket* or any bucket Perspective creates and see that Bucket policies do not enforce SSL

Expected behavior Include policy to enforce SSL

Browser (please complete the following information): irrelevant

• Name chrome

Additional context Add any other context about the problem here.

[svozza]

This is quite strange, the Config bucket has the https policy set as you can see here: https://github.com/awslabs/aws-perspective/blob/f1142a61c77ba4040a8a010407a84210b9116506/source/cfn/templates/zoom-import-and-aggregator.yaml#L109

Afaik, all buckets have this parameter set, e.g.,

https://github.com/awslabs/aws-perspective/blob/f1142a61c77ba4040a8a010407a84210b9116506/deployment/perspective-setup.yaml#L1169 https://github.com/awslabs/aws-perspective/blob/f1142a61c77ba4040a8a010407a84210b9116506/deployment/perspective-setup.yaml#L1214 https://github.com/awslabs/aws-perspective/blob/f1142a61c77ba4040a8a010407a84210b9116506/deployment/perspective-setup.yaml#L1257 https://github.com/awslabs/aws-perspective/blob/f1142a61c77ba4040a8a010407a84210b9116506/deployment/perspective-setup.yaml#L1294

etc

[gurreriamzn]

Apologies, you are correct. I checked every bucket and the policy statement is indeed there. I've cut a ticket to the campaign team alerting them this as a false positive.

[svozza]

No worries, better to be safe than sorry!