JavaScript (v3): Photo Analyzer - Block non-SSL requests to bucket.

cpyle0819 · cpyle0819 · commit efda6cc892f8 · 2024-09-17T14:21:46.000-04:00
diff --git a/javascriptv3/example_code/cross-services/photo_analyzer/stack.yaml b/javascriptv3/example_code/cross-services/photo_analyzer/stack.yaml
@@ -26,6 +26,23 @@ Resources:
         Ref: bucketforimages293BECA3
       PolicyDocument:
         Statement:
+          - Action: s3:*
+            Condition:
+              Bool:
+                aws:SecureTransport: "false"
+            Effect: Deny
+            Principal:
+              AWS: "*"
+            Resource:
+              - Fn::GetAtt:
+                  - bucketforimages293BECA3
+                  - Arn
+              - Fn::Join:
+                  - ""
+                  - - Fn::GetAtt:
+                        - bucketforimages293BECA3
+                        - Arn
+                    - /*
           - Action:
               - s3:GetObject*
               - s3:GetBucket*
