automated-security-response-on-aws

SetSSLBucketPolicy.py always uses "aws" partition, causing remediate to fail in GovCloud

Open joshua-at-aws opened this issue 3 years ago • 1 comments

Describe the bug

SetSSLBucketPolicy.py always uses "aws" partition, causing remediate to fail in GovCloud:

https://github.com/aws-solutions/aws-security-hub-automated-response-and-remediation/blob/main/source/remediation_runbooks/scripts/SetSSLBucketPolicy.py

To Reproduce

  1. Create SHARR stacks in GovCloud
  2. Select a Security Hub Finding for S3.5 "S3 buckets should require requests to use Secure Socket Layer" and choose Actions > Remediate with SHARR
  3. Go to CloudTrail and see "errorCode": "MalformedPolicy", "errorMessage": "Policy has invalid resource"

Expected behavior

SetSSLBucketPolicy remediation working.

Please complete the following information about the solution:

  • [ ] Version: v1.5.0
  • [ ] Region: us-gov-west-1
  • [ ] Was the solution modified from the version published on this repository? No

joshua-at-aws, Aug 04 '22 16:08

Thanks for pointing this out. We will add this bug to our backlog to fix in an upcoming release.

hearde, Oct 10 '22 15:10

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot], Jan 25 '23 00:01

This issue was closed because it has been inactive for 7 days since being marked as stale.

github-actions[bot], Feb 01 '23 00:02
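
The failure reported in this issue, shown as an added example that is not code from the repository or from SetSSLBucketPolicy.py: the SSL-only deny statement is built with the partition derived from the region, and a check flags Resource ARNs that sit in the wrong partition. The region-prefix table, the Sid and the function names are assumptions made for this illustration.

```python
import json

# Region-prefix to partition table, constructed for this example. With boto3
# available, Session.get_partition_for_region() gives the same answer.
PARTITION_PREFIXES = (("us-gov-", "aws-us-gov"), ("cn-", "aws-cn"))
SID = "AllowSSLRequestsOnly"  # statement id chosen for this example


def partition_for_region(region):
    for prefix, partition in PARTITION_PREFIXES:
        if region.startswith(prefix):
            return partition
    return "aws"


def _as_list(value):
    # Policy "Statement" and "Resource" may each be one item or a list.
    return value if isinstance(value, list) else [value]


def add_ssl_only_statement(existing_policy, bucket, region):
    """Return policy JSON denying non-TLS requests to `bucket`.

    `existing_policy` is the current bucket policy JSON, or None if unset.
    """
    partition = partition_for_region(region)
    policy = json.loads(existing_policy) if existing_policy else {
        "Version": "2012-10-17", "Statement": []}
    deny = {
        "Sid": SID, "Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": [f"arn:{partition}:s3:::{bucket}",
                     f"arn:{partition}:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }
    # Replace any earlier copy of the statement so reruns stay idempotent.
    kept = [s for s in _as_list(policy["Statement"]) if s.get("Sid") != SID]
    policy["Statement"] = kept + [deny]
    return json.dumps(policy)


def mismatched_resources(policy_json, region):
    """List Resource ARNs whose partition is wrong for `region`."""
    expected = partition_for_region(region)
    bad = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        for arn in _as_list(stmt.get("Resource", [])):
            parts = arn.split(":")
            if len(parts) > 1 and parts[0] == "arn" and parts[1] != expected:
                bad.append(arn)
    return bad
```

Running `mismatched_resources` on a generated policy before calling `PutBucketPolicy` surfaces a hardcoded partition locally instead of as a `MalformedPolicy` error in CloudTrail.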