Commit

Merge pull request #175 from communitiesuk/add-cross-account-policy
FPASF-223: add cross account policy for pre-production environments
gidsg authored Oct 4, 2024
2 parents cca390d + 158a096 commit ceec9c6
Showing 1 changed file with 11 additions and 1 deletion.
Expand Up @@ -44,7 +44,7 @@ Resources:
sanitiseddatabasedumpsBucketPolicy:
Condition: IsProdEnv
Metadata:
'aws:copilot:description': 'A bucket policy to deny unencrypted access to the bucket and its contents'
'aws:copilot:description': 'A bucket policy to deny unencrypted access to the bucket and its contents, and grant access from other selected accounts'
Type: AWS::S3::BucketPolicy
DeletionPolicy: Retain
Properties:
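Review bot: The updated 'aws:copilot:description' says only "grant access from other selected accounts", which does not tell a reader which accounts are meant or what level of access they get. Since the commit message scopes this to pre-production environments and the resource keeps Condition: IsProdEnv, consider wording it as read-only access for the pre-production accounts so the description states what the policy actually permits.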
Expand All @@ -61,6 +61,16 @@ Resources:
Condition:
Bool:
"aws:SecureTransport": false
- Sid: AllowAccessDevTest
Effect: Allow
Principal:
CanonicalUser:
- '4a20e1ecba266786127536b068cbbf222b344a2e21024029f1a778f98e8667c0'
- '5544757b63b565e6774e61121ba15cfa98206f1629455df924f60d942a861d56'
Action: 's3:GetObject'
Resource:
- !Sub ${ sanitiseddatabasedumpsBucket.Arn}/*
- !Sub ${ sanitiseddatabasedumpsBucket.Arn}
Bucket: !Ref sanitiseddatabasedumpsBucket

sanitiseddatabasedumpsAccessPolicy:
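Review bot: In the AllowAccessDevTest statement the Resource list includes the bare bucket ARN, but s3:GetObject is an object-level action and only matches the /* object ARN, so the second Resource entry grants nothing. Drop it, or, if the dev/test accounts need to list keys, add a separate statement granting s3:ListBucket on the bucket ARN. The two CanonicalUser values are opaque 64-character IDs with nothing to say which account each belongs to; a YAML comment beside each, or passing them in as template parameters, would make the grant auditable in review. The Allow also has no key-prefix restriction, so it covers every object in the bucket; worth confirming that is the intended scope.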