vmware-samples · kshrutik · Dec 8, 2022 · May 21, 2021 · Jun 29, 2021 · Jul 29, 2021
diff --git a/README.md b/README.md
@@ -157,6 +157,7 @@ The table below lists all the supported jobs with their links.
 |   44.  	| 5c8c26487a550e1fb6560c4a              | RDS snapshot should restrict public access                               | [aws-rds-snapshot-remove-publicaccess](remediation_worker/jobs/aws_rds_snapshot_remove_publicaccess) 	|
 |   45.  	| 5c8c26567a550e1fb6560c5d              | S3 bucket should not give full access to all authenticated users | [aws_s3_remove_fullaccess_authenticatedusers](remediation_worker/jobs/aws_s3_remove_fullaccess_authenticatedusers) 	|
 
+
 ## Contributing
 The Secure State team welcomes welcomes contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a Pull Request. For any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq).
 All contributions to this repository must be signed as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on as an open-source patch.

diff --git a/...ker/jobs/aws_ec2_default_security_group_traffic/aws_ec2_default_security_group_traffic.py b/...ker/jobs/aws_ec2_default_security_group_traffic/aws_ec2_default_security_group_traffic.py
@@ -101,6 +101,7 @@ def remediate(self, client, security_group_id, region, cloud_account_id):
         except Exception as e:
             logging.error(f"{str(e)}")
             raise
+
         return 0
 
     def run(self, args):

diff --git a/remediation_worker/jobs/aws_s3_bucket_policy_allow_https/aws_s3_bucket_policy_allow_https.py b/remediation_worker/jobs/aws_s3_bucket_policy_allow_https/aws_s3_bucket_policy_allow_https.py
@@ -103,7 +103,7 @@ def remediate(self, client, cloud_account_id, bucket_name):
                 "Sid": "Restrict Non-https Requests",
                 "Effect": "Deny",
                 "Principal": "*",
-                "Action": "s3:GetObject",
+                "Action": "s3:*",
                 "Resource": f"arn:aws:s3:::{bucket_name}/*",
                 "Condition": {"Bool": {"aws:SecureTransport": "false"}},
             }

diff --git a/remediation_worker/jobs/ec2_close_port_9200_9300/ec2_close_port_9200_9300.py b/remediation_worker/jobs/ec2_close_port_9200_9300/ec2_close_port_9200_9300.py
@@ -111,6 +111,7 @@ def remediate(self, client, instance_id):
         except Exception as e:
             logging.error(f"{str(e)}")
             raise
+
         return 0
 
     def run(self, args):

diff --git a/test/unit/test_aws_s3_bucket_policy_allow_https.py b/test/unit/test_aws_s3_bucket_policy_allow_https.py
@@ -98,7 +98,7 @@ def test_remediate_success(self):
                     "Sid": "Restrict Non-https Requests",
                     "Effect": "Deny",
                     "Principal": "*",
-                    "Action": "s3:GetObject",
+                    "Action": "s3:*",
                     "Resource": "arn:aws:s3:::bucket_name/*",
                     "Condition": {"Bool": {"aws:SecureTransport": "false"}},
                 },

diff --git a/tox.ini b/tox.ini
@@ -65,6 +65,7 @@ envlist =
 	unit-aws_s3_remove_fullaccess_authenticatedusers
 
 
+
 [testenv]
 passenv =
     # Prevent Python bytecode files from being created