fix: acl issue apprunner and ecs (#99)

hayk99 · web-flow · commit 0d0bfd966490 · 2023-05-02T17:41:48.000+02:00
* fix: acl issue apprunner and ecs

* fix: typo

* ci: skip rule w3002

* ci: skip rule w3002 in actions

* docs: skip rule

* force ci

* fix: config bucket acl

* style: sort comment lines

* style: makefile

* style: makefile
diff --git a/.github/workflows/ci-pull-request-apprunner.yaml b/.github/workflows/ci-pull-request-apprunner.yaml
@@ -22,7 +22,9 @@ jobs:
     - name: Print the Cloud Formation Linter Version & run Linter
       run: |
         cfn-lint --version
-        cfn-lint -t templates_apprunner/**/*.yaml
+        cfn-lint -t templates_apprunner/**/*.yaml -i W3002
+#         -i 3002 will not apply rule 3002 https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/rules.md
+#         which is failing in ci/cd
 
   build:
     name: Build and Upload AppRunner templates
diff --git a/.github/workflows/ci-pull-request-ecs.yaml b/.github/workflows/ci-pull-request-ecs.yaml
@@ -22,7 +22,9 @@ jobs:
     - name: Print the Cloud Formation Linter Version & run Linter
       run: |
         cfn-lint --version
-        cfn-lint -t templates_ecs/**/*.yaml
+        cfn-lint -t templates_ecs/**/*.yaml -i W3002
+#         -i 3002 will not apply rule 3002 https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/rules.md
+#         which is failing in ci/cd
 
   build:
     name: Build and Upload ECS templates
diff --git a/templates_apprunner/CloudTrail.yaml b/templates_apprunner/CloudTrail.yaml
@@ -26,7 +26,9 @@ Resources:
   CloudTrailLoggingBucket:
     Type: AWS::S3::Bucket
     Properties:
-      AccessControl: LogDeliveryWrite
+      OwnershipControls:
+        Rules:
+          - ObjectOwnership: BucketOwnerEnforced
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
diff --git a/templates_apprunner/Makefile b/templates_apprunner/Makefile
@@ -14,8 +14,7 @@ validate:
 	aws cloudformation validate-template --template-body file://./SecureForCloudAppRunner.yaml
 
 lint:
-	cfn-lint *.yaml
-
+	cfn-lint *.yaml -i W3002
 
 packaged-template.yaml:
 	aws s3 rm s3://$(S3_BUCKET)/apprunner/$(S3_PREFIX) --recursive
diff --git a/templates_apprunner/SecureForCloudAppRunner.yaml b/templates_apprunner/SecureForCloudAppRunner.yaml
@@ -103,7 +103,9 @@ Resources:
   SysdigConfigLoggingBucket:
     Type: AWS::S3::Bucket
     Properties:
-      AccessControl: LogDeliveryWrite
+      OwnershipControls:
+        Rules:
+          - ObjectOwnership: BucketOwnerEnforced
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
diff --git a/templates_ecs/CloudTrail.yaml b/templates_ecs/CloudTrail.yaml
@@ -26,7 +26,9 @@ Resources:
   CloudTrailLoggingBucket:
     Type: AWS::S3::Bucket
     Properties:
-      AccessControl: LogDeliveryWrite
+      OwnershipControls:
+        Rules:
+          - ObjectOwnership: BucketOwnerEnforced
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
diff --git a/templates_ecs/CloudVision.yaml b/templates_ecs/CloudVision.yaml
@@ -151,7 +151,9 @@ Resources:
   SysdigConfigLoggingBucket:
     Type: AWS::S3::Bucket
     Properties:
-      AccessControl: LogDeliveryWrite
+      OwnershipControls:
+        Rules:
+          - ObjectOwnership: BucketOwnerEnforced
       PublicAccessBlockConfiguration:
         BlockPublicAcls: true
         BlockPublicPolicy: true
diff --git a/templates_ecs/Makefile b/templates_ecs/Makefile
@@ -10,10 +10,10 @@ STACK_NAME = "SecureForCloudECSTest"
 .PHONY: packaged-template.yaml
 
 validate:
-	aws cloudformation validate-template --template-body file://./CloudVision.yaml
+    aws cloudformation validate-template --template-body file://./CloudVision.yaml
 
 lint:
-	cfn-lint *.yaml
+	cfn-lint *.yaml -i W3002
 
 packaged-template.yaml:
 	aws s3 rm s3://$(S3_BUCKET)/ecs/$(S3_PREFIX) --recursive
