feat: check origin access control usage for cloudfront with s3 origin #1794

Merged
merged 14 commits into from
Oct 7, 2024


@clueleaf (Contributor) commented Sep 9, 2024

Fixes #1582

CDK now supports S3 Origin Access Control L2 construct. Added a new rule to check if OAC is configured for CloudFront distributions using S3 as an origin.

  • Bumped cdk version used in development
    • Added missing parameters in QuickSight tests accordingly
  • Applied the existing OAI rule only to CloudFront Streaming distributions (CloudFront distributions will not be non-compliant if OAI is not configured any more)
  • Added a new rule checking OAC usage. Included the rule in AWS Solutions packs as AwsSolutions-CFR7
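
As an added illustration (not code from this PR or from cdk-nag), the check described above can be sketched against a synthesized CloudFormation template: flag every S3 origin of an `AWS::CloudFront::Distribution` that has no `OriginAccessControlId`, and note whether it still relies on OAI. The S3-origin heuristic, the `findS3OriginsWithoutOac` name and the sample template are assumptions made for this example.

```typescript
// Added example, not cdk-nag's rule code. Property names follow the
// AWS::CloudFront::Distribution CloudFormation schema.
interface CfOrigin {
  Id: string;
  DomainName: unknown; // a string, or an intrinsic such as Fn::GetAtt
  S3OriginConfig?: { OriginAccessIdentity?: unknown };
  OriginAccessControlId?: unknown;
}
interface CfnResource { Type: string; Properties?: { DistributionConfig?: { Origins?: CfOrigin[] } }; }
interface CfnTemplate { Resources: Record<string, CfnResource>; }
interface OacFinding { distribution: string; origin: string; usesLegacyOai: boolean; }

// Assumption: an origin is an S3 origin if it carries S3OriginConfig or a literal
// REST bucket endpoint. Website endpoints (s3-website) are custom origins: skipped.
const S3_REST_ENDPOINT = /\.s3(\.[a-z0-9-]+)?\.amazonaws\.com$/;
function isS3Origin(o: CfOrigin): boolean {
  return o.S3OriginConfig !== undefined ||
    (typeof o.DomainName === "string" && S3_REST_ENDPOINT.test(o.DomainName));
}
// Empty string counts as unset: OriginAccessIdentity is left empty when OAC is used.
const isSet = (v: unknown): boolean => v !== undefined && v !== null && v !== "";

function findS3OriginsWithoutOac(t: CfnTemplate): OacFinding[] {
  const findings: OacFinding[] = [];
  for (const logicalId of Object.keys(t.Resources)) {
    const res = t.Resources[logicalId];
    if (!res || res.Type !== "AWS::CloudFront::Distribution") continue;
    for (const o of res.Properties?.DistributionConfig?.Origins ?? []) {
      if (!isS3Origin(o) || isSet(o.OriginAccessControlId)) continue;
      findings.push({ distribution: logicalId, origin: o.Id,
        usesLegacyOai: isSet(o.S3OriginConfig?.OriginAccessIdentity) });
    }
  }
  return findings;
}

// Constructed sample template (logical IDs, bucket and OAI names are made up).
const SAMPLE_TEMPLATE: CfnTemplate = { Resources: {
  LegacyOaiDist: { Type: "AWS::CloudFront::Distribution", Properties: { DistributionConfig: { Origins: [
    { Id: "assets", DomainName: { "Fn::GetAtt": ["Bucket", "RegionalDomainName"] },
      S3OriginConfig: { OriginAccessIdentity: "origin-access-identity/cloudfront/EXAMPLEOAI" } }] } } },
  OacDist: { Type: "AWS::CloudFront::Distribution", Properties: { DistributionConfig: { Origins: [
    { Id: "assets", DomainName: { "Fn::GetAtt": ["Bucket", "RegionalDomainName"] },
      S3OriginConfig: { OriginAccessIdentity: "" }, OriginAccessControlId: { "Fn::GetAtt": ["Oac", "Id"] } }] } } },
  MixedDist: { Type: "AWS::CloudFront::Distribution", Properties: { DistributionConfig: { Origins: [
    { Id: "api", DomainName: "api.example.com" },
    { Id: "site", DomainName: "example-bucket.s3-website-us-east-1.amazonaws.com" },
    { Id: "logs", DomainName: "example-bucket.s3.us-east-1.amazonaws.com" }] } } },
} };
console.log(findS3OriginsWithoutOac(SAMPLE_TEMPLATE));
```
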

@dontirun (Collaborator) left a comment

Thank you! Very minor comment to address, but then this should be good to go!

test/rules/CloudFront.test.ts (outdated, resolved)
@clueleaf requested a review from dontirun on October 3, 2024 13:36
@mergify bot merged commit ce7f549 into cdklabs:main on Oct 7, 2024
12 checks passed
@clueleaf deleted the feat/oac branch on October 8, 2024 13:10
Successfully merging this pull request may close these issues.

doc: AwsSolutions-CFR6 conflicts with AWS recommendation