AWS Amplify CLI S3 Properties Contradicts AWS Control Tower Recommendation


AWS Amplify creates a DeploymentBucket with the following characteristics:

  • The bucket is public.
  • There's no versioning enabled.
  • No logging policy is applied.

REF: https://github.com/aws/aws-sam-cli/blob/8c7a339df1c63bfdbccab3e97115bb69f20cc9c7/samcli/lib/bootstrap/bootstrap.py#L66-L82

The account, however, was established under Control Tower with standard S3 policies. Those policies restrict creating public buckets, buckets without version control, encryption, or logging policies (which definitely is there for a good reason). This difference between AWS's recommended deployment practices with AWS Amplify vs. the Control Tower's enforced policies has put us in a bind.

REF: https://docs.aws.amazon.com/controltower/latest/userguide/s3-rules.html

How could I navigate through this situation?
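The following is an added example, not code from the question, from Amplify, or from Control Tower. It checks a bucket description against the four properties the question lists (public access blocked, versioning enabled, access logging enabled, default encryption set) and applies whatever is missing through a boto3-style S3 client. The `RecordingClient`, the bucket and log-bucket names, and the finding labels are constructed for the example; the `put_*` call shapes are the boto3 S3 client ones. The evaluation mirrors the properties named in the question rather than the exact AWS Config rules Control Tower deploys.

```python
"""Evaluate an S3 bucket against the guardrail properties from the question and
remediate the gaps. Constructed example; `client` is assumed to expose the
boto3 S3 client methods put_public_access_block, put_bucket_versioning,
put_bucket_logging and put_bucket_encryption."""

# All four flags must be True for the bucket to count as non-public.
PUBLIC_ACCESS_BLOCK = {
    "BlockPublicAcls": True,
    "IgnorePublicAcls": True,
    "BlockPublicPolicy": True,
    "RestrictPublicBuckets": True,
}


def evaluate_bucket(config):
    """Return the list of failed checks for a bucket described by `config`.

    `config` keys mirror the bodies of the boto3 get_* responses:
      "PublicAccessBlock" -> PublicAccessBlockConfiguration dict
      "Versioning"        -> get_bucket_versioning response ({"Status": ...})
      "Logging"           -> get_bucket_logging response
      "Encryption"        -> ServerSideEncryptionConfiguration dict
    A missing key means the API reported nothing configured.
    """
    findings = []
    pab = config.get("PublicAccessBlock", {})
    if not all(pab.get(flag) for flag in PUBLIC_ACCESS_BLOCK):
        findings.append("public-access-not-blocked")
    if config.get("Versioning", {}).get("Status") != "Enabled":
        findings.append("versioning-not-enabled")
    if "LoggingEnabled" not in config.get("Logging", {}):
        findings.append("access-logging-not-enabled")
    rules = config.get("Encryption", {}).get("Rules", [])
    if not any("ApplyServerSideEncryptionByDefault" in r for r in rules):
        findings.append("default-encryption-not-set")
    return findings


def remediate(client, bucket, findings, log_bucket):
    """Apply the missing settings for each finding; return the calls made.

    `log_bucket` must be an existing bucket that permits S3 log delivery
    (it is a placeholder name in the example below).
    """
    applied = []
    if "public-access-not-blocked" in findings:
        client.put_public_access_block(
            Bucket=bucket, PublicAccessBlockConfiguration=PUBLIC_ACCESS_BLOCK)
        applied.append("put_public_access_block")
    if "versioning-not-enabled" in findings:
        client.put_bucket_versioning(
            Bucket=bucket, VersioningConfiguration={"Status": "Enabled"})
        applied.append("put_bucket_versioning")
    if "access-logging-not-enabled" in findings:
        client.put_bucket_logging(
            Bucket=bucket,
            BucketLoggingStatus={"LoggingEnabled": {
                "TargetBucket": log_bucket, "TargetPrefix": f"{bucket}/"}})
        applied.append("put_bucket_logging")
    if "default-encryption-not-set" in findings:
        client.put_bucket_encryption(
            Bucket=bucket,
            ServerSideEncryptionConfiguration={"Rules": [
                {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]})
        applied.append("put_bucket_encryption")
    return applied


class RecordingClient:
    """Constructed stand-in for a boto3 S3 client: records each put_* call and
    keeps the resulting settings so the bucket can be re-evaluated offline."""

    def __init__(self):
        self.calls = []
        self.config = {}

    def put_public_access_block(self, Bucket, PublicAccessBlockConfiguration):
        self.calls.append("put_public_access_block")
        self.config["PublicAccessBlock"] = dict(PublicAccessBlockConfiguration)

    def put_bucket_versioning(self, Bucket, VersioningConfiguration):
        self.calls.append("put_bucket_versioning")
        self.config["Versioning"] = dict(VersioningConfiguration)

    def put_bucket_logging(self, Bucket, BucketLoggingStatus):
        self.calls.append("put_bucket_logging")
        self.config["Logging"] = dict(BucketLoggingStatus)

    def put_bucket_encryption(self, Bucket, ServerSideEncryptionConfiguration):
        self.calls.append("put_bucket_encryption")
        self.config["Encryption"] = dict(ServerSideEncryptionConfiguration)


# Constructed description of a freshly created deployment bucket with none of
# the four settings present, as the question describes.
AMPLIFY_LIKE_BUCKET = {}

if __name__ == "__main__":
    client = RecordingClient()
    gaps = evaluate_bucket(AMPLIFY_LIKE_BUCKET)
    print("before:", gaps)
    remediate(client, "example-deployment-bucket", gaps, "example-central-logs")
    print("after:", evaluate_bucket(client.config))
```

With a real `boto3.client("s3")` in place of `RecordingClient`, the same `remediate` call applies the settings to the named bucket; the log target must already exist in the account with log delivery permitted.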
