Skip to content
This repository has been archived by the owner on Dec 6, 2024. It is now read-only.

chore: Enable server side encryption on prepare master and edge lambda bucket #521

Merged
merged 6 commits into from
Jun 9, 2021
Merged

chore: Enable server side encryption on prepare master and edge lambda bucket #521

merged 6 commits into from
Jun 9, 2021

Conversation

jn1119
Copy link
Contributor

@jn1119 jn1119 commented Jun 8, 2021

Issue #, if available: V377389653

Description of changes: This is a recommendation based on a AppSec/PenTest finding where it was recommended that we encrypt these buckets.

Testing done:

  1. Deployed the changes and verified that buckets were encrypted and SWB website/backend worked (I tested that I was able to login after deploying the changes)
  2. Also verified that prepare master deploy command was also successful i.e. Cloudformation was able to access the newly encrypted file.

Checklist:

  • Have you successfully deployed to an AWS account with your changes?
  • Have you written new tests for your core changes, as applicable?
  • Have you successfully tested with your changes locally?
  • If new dependencies have been added, have they been pinned to specific versions?
  • Is this change also required on the AWS Solution version?
  • Have you updated openapi.yaml if you made updates to API definition (including add, delete or update parameter and request data schema)?
  • If you had to run manual tests, have you considered automating those tests by adding them to end-to-end tests?

AS review ticket id:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jn1119 jn1119 requested review from nguyen102 and SanketD92 June 8, 2021 21:14
@jn1119 jn1119 requested a review from a team as a code owner June 8, 2021 21:14
@codecov
Copy link

codecov bot commented Jun 9, 2021
edited
Loading

Codecov Report

Merging #521 (1817f2b) into develop (a1d018a) will not change coverage.
The diff coverage is n/a.

❗ Current head 1817f2b differs from pull request most recent head 75e321b. Consider uploading reports for the commit 75e321b to get more accurate results
Impacted file tree graph

@@           Coverage Diff            @@
##           develop     #521   +/-   ##
========================================
  Coverage    49.04%   49.04%           
========================================
  Files          243      243           
  Lines        12503    12503           
  Branches      2012     2012           
========================================
  Hits          6132     6132           
  Misses        5564     5564           
  Partials       807      807

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a1d018a...75e321b. Read the comment docs.

@jn1119 jn1119 merged commit ea2650f into awslabs:develop Jun 9, 2021
ahl27 added a commit that referenced this pull request Jun 11, 2021
@ahl27 @Bingjiling
@dependabot @nguyen102 @jn1119
[UpdateUserPerm] Update to develop branch (#527)
6b98f44 
* feature: updated UI for AWS accounts page with cards instead of a list box.

* feature: added API calls to update AWS Account, added functionality to check permissions status and update with DB table on backend

* feat: adds filter buttons for accounts as well as code cleanup and general UX improvements.

* fix: fixed budget buttons on account cards to correctly direct to the budget page

* fix: cleaned up code, added unit test, added entry to openapi.yaml

* fix: removed unused file

* fix: made some buttons look better

* fix: added unit test to increase codecov and fixed a minor bug in AwsAccountsStore

* chore: docs dependency fix (#505)

* chore(deps): bump dns-packet from 1.3.1 to 1.3.4 in /docs (#507)

* chore(deps): bump dns-packet from 1.3.1 to 1.3.4 in /docs

Bumps [dns-packet](https://github.com/mafintosh/dns-packet) from 1.3.1 to 1.3.4.
- [Release notes](https://github.com/mafintosh/dns-packet/releases)
- [Changelog](https://github.com/mafintosh/dns-packet/blob/master/CHANGELOG.md)
- [Commits](mafintosh/dns-packet@v1.3.1...v1.3.4)

Signed-off-by: dependabot[bot] <support@github.com>

* fix: trigger build

* feat: Add warning that internal authentication shouldn't be used in production (#506)

* feat: Encrypt s3 buckets for EMR log bucket and CICD Artifact bucket (#508)

* chore: Disable EBS volume for storage gateway (#511)

Co-authored-by: Tim Nguyen <thingut@amazon.com>

* fix: changes suggested by Yanyu in CR

* fix: minor change to openapi.yml

* fix: removed unneccessary script

* fix: removed reliance on undefined value for needsPermissionUpdate

* fix: changed NEW to ONBOARDME for better clarity

* Update settings.json

* Update settings.json

* removed confusing half-implemented function and replaced with placeholder

* chore: Add encryption to CICD SNS topic (#512)

Co-authored-by: Tim Nguyen <thingut@amazon.com>

* fix: Allow sagemaker to have the proper IAM permission to autostop itself (#515)

* chore: Enable access logging for env-type-configs bucket (#520)

* chore: Enable server side encryption on prepare master and edge lambda bucket (#521)

* fix: Corrected Spark defaults to fix read/write functionality from Spark (#526)

Co-authored-by: Yanyu Zheng <yz2690@columbia.edu>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tim Nguyen <nguyen102@users.noreply.github.com>
Co-authored-by: Tim Nguyen <thingut@amazon.com>
Co-authored-by: Jeet <68876606+jn1119@users.noreply.github.com>
ahl27 pushed a commit that referenced this pull request Jun 11, 2021
@jn1119 @ahl27
chore: Enable server side encryption on prepare master and edge lambd…
9a1c32d 
…a bucket (#521)
ahl27 pushed a commit to ahl27/service-workbench-on-aws that referenced this pull request Jun 11, 2021
@jn1119 @ahl27
chore: Enable server side encryption on prepare master and edge lambd…
9b852c2 
…a bucket (awslabs#521)
jn1119 added a commit that referenced this pull request Jun 14, 2021
@jn1119
chore: Enable server side encryption on prepare master and edge lambd…
afb671d 
…a bucket (#521)
manikandan-thangavelu-rl pushed a commit to RLOpenCatalyst/service-workbench-on-aws that referenced this pull request Jun 14, 2021
@jn1119 @manikandan-thangavelu-rl
chore: Enable server side encryption on prepare master and edge lambd…
5e2701c 
…a bucket (awslabs#521)
manikandan-thangavelu-rl added a commit to RLOpenCatalyst/service-workbench-on-aws that referenced this pull request Jun 14, 2021
@manikandan-thangavelu-rl
Revert "chore: Enable server side encryption on prepare master and ed…
e1d8719 
…ge lambda bucket (awslabs#521)"

This reverts commit 5e2701c.
jxuamazon pushed a commit to jxuamazon/service-workbench-on-aws that referenced this pull request Feb 15, 2022
@jn1119
chore: Enable server side encryption on prepare master and edge lambd…
3b71250 
…a bucket (awslabs#521)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nguyen102 nguyen102 nguyen102 approved these changes

@SanketD92 SanketD92 Awaiting requested review from SanketD92

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jn1119 @nguyen102