
Merge pull request #6 from rhythmictech/NOC-13028
NOC-13028
rsanchez-s authored Jun 4, 2021
2 parents 965bf71 + 17bccdb commit e2f9ee1
Showing 1 changed file with 0 additions and 36 deletions.
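--- a/main.tf
+++ b/main.tf
@@ -61,42 +61,6 @@ resource "aws_s3_bucket_public_access_block" "this" {
 }
 
 data "aws_iam_policy_document" "this" {
-statement {
-sid = "DenyIncorrectEncryptionHeader"
-actions = ["s3:PutObject*"]
-effect = "Deny"
-resources = ["${aws_s3_bucket.this.arn}/*"]
-
-condition {
-test = "StringNotEquals"
-variable = "s3:x-amz-server-side-encryption"
-values = ["AES256"]
-}
-
-principals {
-identifiers = ["*"]
-type = "AWS"
-}
-}
-
-statement {
-sid = "DenyUnEncryptedObjectUploads"
-actions = ["s3:PutObject*"]
-effect = "Deny"
-resources = ["${aws_s3_bucket.this.arn}/*"]
-
-condition {
-test = "Null"
-variable = "s3:x-amz-server-side-encryption"
-values = [true]
-}
-
-principals {
-identifiers = ["*"]
-type = "AWS"
-}
-}
-
 dynamic "statement" {
 for_each = var.allowed_account_ids
 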
