Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it
Error: Glacier Vault access policy is public and not restricted to specific services or principals
Bridgecrew Policy ID: BC_AWS_GENERAL_90
Checkov Check ID: CKV_AWS_167
Severity: MEDIUM
Glacier Vault access policy is public and not restricted to specific services or principals
Description
An Amazon S3 Glacier vault access policy is a resource-based policy attached to the vault. A statement whose Effect is Allow and whose Principal is "*" (or {"AWS": "*"}) grants the listed glacier: actions to every AWS principal, so anyone who can reach the vault endpoint can initiate retrieval jobs and read archive contents. The Principal element should name only the specific accounts, IAM roles or services that need access; a wildcard principal belongs only in a Deny statement.
Fix - Buildtime
Terraform
- Resource: aws_glacier_vault
- Argument: access_policy (the Principal and Effect of each Statement)
resource "aws_glacier_vault" "my_archive1" {
...
# With a wildcard Principal the statement must be a Deny; to grant access,
# name specific account, role or service principals instead of "*".
access_policy = <<EOF
{
"Version":"2012-10-17",
"Statement":[
{
"Sid": "add-read-only-perm",
"Principal": "*",
+ "Effect": "Deny",
"Action": [
"glacier:InitiateJob",
"glacier:GetJobOutput"
],
"Resource": "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"
}
]
}
EOF
}
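The following is an added example, not Checkov's own implementation of CKV_AWS_167 and not code from the original page. It evaluates a vault access policy the way the check reasons about it: an Allow statement addressed to any principal is public, while the same Principal "*" in a Deny statement (the fix shown above) or an Allow scoped to a named role is not. The sample policies, the account ID 123456789012 and the role name archive-reader are constructed placeholders, and treating a statement with a Condition element as scoped is a simplification assumed here.

```python
import json

# Constructed sample policies (not from the original page).
# PUBLIC_POLICY has the shape the check flags: Effect Allow to every principal.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "add-read-only-perm",
        "Principal": "*",
        "Effect": "Allow",
        "Action": ["glacier:InitiateJob", "glacier:GetJobOutput"],
        "Resource": "arn:aws:glacier:eu-west-1:123456789012:vaults/MyArchive",
    }],
})

# RESTRICTED_POLICY grants the same actions only to one IAM role (placeholder ARN).
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "add-read-only-perm",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/archive-reader"},
        "Effect": "Allow",
        "Action": ["glacier:InitiateJob", "glacier:GetJobOutput"],
        "Resource": "arn:aws:glacier:eu-west-1:123456789012:vaults/MyArchive",
    }],
})


def _principals(principal):
    """Flatten a Principal element ("*", {"AWS": "..."} or {"AWS": [...]}) into a list of strings."""
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        out = []
        for value in principal.values():  # keys such as AWS, Service, Federated
            out.extend(value if isinstance(value, list) else [value])
        return out
    return []


def is_public_statement(stmt):
    """True when an Allow statement is addressed to any principal and carries no Condition."""
    if stmt.get("Effect") != "Allow":
        return False  # Deny to "*" restricts access rather than granting it
    if "Condition" in stmt:
        return False  # assumption: a conditioned grant is treated as scoped, not public
    return any(p == "*" for p in _principals(stmt.get("Principal")))


def public_statement_ids(policy_json):
    """Return the Sid (or position) of every public statement in a vault access policy document."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without the list
        statements = [statements]
    return [s.get("Sid", "Statement[%d]" % i)
            for i, s in enumerate(statements) if is_public_statement(s)]


if __name__ == "__main__":
    print("public:", public_statement_ids(PUBLIC_POLICY))       # ['add-read-only-perm']
    print("restricted:", public_statement_ids(RESTRICTED_POLICY))  # []
```

Run it against the access_policy heredoc of an aws_glacier_vault resource to see which statement the check would flag; any non-empty result means the vault is reachable by every AWS principal and the Principal element should be narrowed to specific ARNs.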