Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(codepipeline): default cross-region S3 buckets allow public access #17722

Merged
merged 7 commits into from
Dec 9, 2021
Merged

fix(codepipeline): default cross-region S3 buckets allow public access #17722

merged 7 commits into from
Dec 9, 2021

Conversation

david-richer-adsk
Copy link
Contributor

@david-richer-adsk david-richer-adsk commented Nov 25, 2021
edited by skinny85
Loading

The cross region S3 buckets that are created should have block public access by default.

Fixes #16411

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@david-richer-adsk
feat(codepipeline): Cross region S3 buckets block public access by de…
54df648 
…fault.

The cross region S3 buckets that are created should have block public access by default.

fixes aws#16411
@david-richer-adsk
Update cross-region-support-stack.ts
135c1f9
@gitpod-io
Copy link

gitpod-io bot commented Nov 25, 2021

@github-actions github-actions bot added the @aws-cdk/aws-codepipeline Related to AWS CodePipeline label Nov 25, 2021
@david-richer-adsk
Copy link
Contributor Author

Same approach as for the artifact bucket: https://github.com/aws/aws-cdk/blob/master/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts#L382

skinny85
skinny85 previously requested changes Nov 29, 2021
View reviewed changes
Copy link
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @david-richer-adsk!

packages/@aws-cdk/aws-codepipeline/lib/private/cross-region-support-stack.ts Outdated Show resolved Hide resolved
@skinny85 skinny85 changed the title feat(codepipeline): Cross region S3 buckets block public access fix(codepipeline): default cross-region S3 buckets allow public access Nov 29, 2021
@mergify mergify bot dismissed skinny85’s stale review November 29, 2021 07:16

Pull request has been modified.

skinny85
skinny85 previously requested changes Nov 29, 2021
View reviewed changes
Copy link
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also need a unit test for this one 🙂.

@david-richer-adsk
Copy link
Contributor Author

We also need a unit test for this one 🙂.

Does this look like the right place to add a check? https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-codepipeline/test/cross-env.test.ts#L132

@skinny85
Copy link
Contributor

skinny85 commented Dec 3, 2021

We also need a unit test for this one 🙂.

Does this look like the right place to add a check? https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-codepipeline/test/cross-env.test.ts#L132

Yes, that's probably a good spot. You can use the toHaveResourceLike() helper, like here.

@mergify mergify bot dismissed skinny85’s stale review December 4, 2021 02:50

Pull request has been modified.

@david-richer-adsk
Copy link
Contributor Author

Should be good to go, let me know if anything is missing.

skinny85
skinny85 previously requested changes Dec 6, 2021
View reviewed changes
Copy link
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good @david-richer-adsk! One question.

packages/@aws-cdk/aws-codepipeline/test/cross-env.test.ts Outdated Show resolved Hide resolved
@mergify mergify bot dismissed skinny85’s stale review December 6, 2021 17:03

Pull request has been modified.

@david-richer-adsk
Copy link
Contributor Author

@skinny85 ready to be merged?

skinny85
skinny85 approved these changes Dec 9, 2021
View reviewed changes
Copy link
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @david-richer-adsk!

@skinny85
Copy link
Contributor

skinny85 commented Dec 9, 2021

@skinny85 ready to be merged?

Yep! In the future, make sure to re-request my review after you're done pushing your changes (there's a button in the top-right corner of the PR page, next to my avatar), this way I won't miss it 🙂.

Thanks,
Adam

@mergify
Copy link
Contributor

mergify bot commented Dec 9, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@david-richer-adsk
Copy link
Contributor Author

Will do!

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 463ce71
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 0b80db5 into aws:master Dec 9, 2021
@mergify
Copy link
Contributor

mergify bot commented Dec 9, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

TikiTDO pushed a commit to TikiTDO/aws-cdk that referenced this pull request Feb 21, 2022
@david-richer-adsk @TikiTDO
fix(codepipeline): default cross-region S3 buckets allow public access (
7dac317 
aws#17722)

The cross region S3 buckets that are created should have block public access by default.

Fixes aws#16411

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skinny85 skinny85 skinny85 approved these changes

Assignees

@skinny85 skinny85

Labels
@aws-cdk/aws-codepipeline Related to AWS CodePipeline
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

(pipelines): cross region S3 bucket - block public access
3 participants
@david-richer-adsk @skinny85 @aws-cdk-automation