From 731124f857e49dfbb1fb4d84ba0322e8cf7521db Mon Sep 17 00:00:00 2001
From: Jim Thario
Date: Tue, 2 Mar 2021 15:38:45 -0800
Subject: [PATCH] Fix cfn-nag violations #204
---
 .../msam-browser-app-release.template | 45 ++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/source/web-cloudformation/msam-browser-app-release.template b/source/web-cloudformation/msam-browser-app-release.template
index 7a1404dc..df2d3939 100644
--- a/source/web-cloudformation/msam-browser-app-release.template
+++ b/source/web-cloudformation/msam-browser-app-release.template
@@ -101,11 +101,23 @@
 "ViewerCertificate": {
 "CloudFrontDefaultCertificate": true,
 "MinimumProtocolVersion": "TLSv1"
+ },
+ "Logging": {
+ "Bucket": {
+ "Fn::Join": [
+ "", [{
+ "Ref": "MSAMBrowserAppLoggingBucket"
+ },
+ ".s3.amazonaws.com"
+ ]
+ ]
+ },
+ "Prefix": "cf/"
 }
 }
 }
 },
- "MSAMAppBucketPolicy": {
+ "MSAMBrowserAppBucketPolicy": {
 "Type": "AWS::S3::BucketPolicy",
 "Properties": {
 "Bucket": {
@@ -157,6 +169,37 @@
 "*"
 ]
 }]
+ },
+ "BucketEncryption": {
+ "ServerSideEncryptionConfiguration": [{
+ "ServerSideEncryptionByDefault": {
+ "SSEAlgorithm": "AES256"
+ }
+ }]
+ }
+ }
+ },
+ "MSAMBrowserAppLoggingBucket": {
+ "Type": "AWS::S3::Bucket",
+ "Properties": {
+ "AccessControl": "LogDeliveryWrite",
+ "BucketEncryption": {
+ "ServerSideEncryptionConfiguration": [{
+ "ServerSideEncryptionByDefault": {
+ "SSEAlgorithm": "AES256"
+ }
+ }]
+ },
+ "LifecycleConfiguration": {
+ "Rules": [{
+ "AbortIncompleteMultipartUpload": {
+ "DaysAfterInitiation": 5
+ },
+ "ExpirationInDays": 365,
+ "Id": "Expire Objects After 1 Year",
+ "NoncurrentVersionExpirationInDays": 365,
+ "Status": "Enabled"
+ }]
 }
 }
 },
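Review bot: Renaming the logical ID from `MSAMAppBucketPolicy` to `MSAMBrowserAppBucketPolicy` makes CloudFormation handle a stack update as "create new resource, then delete old one", and because a bucket holds only one policy, the cleanup of the old logical resource may remove the policy the new one just applied. This is worth confirming with an update against an existing stack, or avoiding by keeping the old ID; any `DependsOn` or `Ref` to the old name outside this hunk would also need updating. In the added `Logging` block, the `Fn::Join` with a hard-coded `.s3.amazonaws.com` suffix could be written as `"Bucket": {"Fn::GetAtt": ["MSAMBrowserAppLoggingBucket", "DomainName"]}`, which avoids assembling the hostname by hand. Both the distribution resource and the bucket policy resource extend beyond the hunk, so the rest of their properties are not visible here.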
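Review bot: The new `MSAMBrowserAppLoggingBucket` will hold CloudFront access logs, yet it sets no `PublicAccessBlockConfiguration`, so only the ACL and any account-level settings keep it private; consider adding `"PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}`. `NoncurrentVersionExpirationInDays` has no effect unless versioning is enabled, and no `VersioningConfiguration` is visible on this bucket, so either enable versioning or drop that key. `AccessControl` depends on bucket ACLs being enabled, which newer S3 defaults turn off, so an explicit `OwnershipControls` rule may be needed for the stack to keep creating cleanly. The first `BucketEncryption` addition belongs to a bucket resource whose definition starts above the hunk.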