Skip to content

fix: Use 'Bool' instead of 'StringEquals' for DenyHTTP queue policy #3387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: Use 'Bool' instead of 'StringEquals' for DenyHTTP queue policy #3387

wants to merge 1 commit into from

Conversation

julb
Copy link

@julb julb commented Jun 22, 2025

Description

This change fixes the DenyHTTP SQS queue policy used for Karpenter.
It replaces StringEquals test by Bool test.

Motivation and Context

Several SIEM tools are checking that TLS transit encryption is enabled in the SQS policy.
They are checking that there is a Bool condition on the aws:SecureTransport field set to false.
If the test is StringEquals, an issue is raised by the tool.
In addition, as stated in the example of AWS documentation, the valid test to use for aws:SecureTransport is: Bool
See example here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Boolean

Breaking Changes

No.
It just follows the good AWS practices.

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects

Deployed the module in AWS and everything is OK.

  • I have executed pre-commit run -a on my pull request

@julb julb changed the title Use 'Bool' instead of StringEquals for DenyHTTP queue policy fix: use 'Bool' instead of 'StringEquals' for DenyHTTP queue policy Jun 22, 2025
@julb julb changed the title fix: use 'Bool' instead of 'StringEquals' for DenyHTTP queue policy fix: Use 'Bool' instead of 'StringEquals' for DenyHTTP queue policy Jun 22, 2025
@bryantbiggs bryantbiggs mentioned this pull request Jul 22, 2025
Merged
3 tasks
@github-actions
Copy link

This PR has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this PR will be closed in 10 days

@github-actions github-actions bot added the stale label Jul 23, 2025
@antonbabenko
Copy link
Member

This issue has been resolved in version 21.0.0 🎉

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 23, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@julb @antonbabenko