s3-secure 0.4.0 → 0.4.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 458984b9117afa2925e7b2f6d662d1d7d85f1db797443a8addde3e59162794d4
4
- data.tar.gz: 9127363474746342e5af37bfd32a68e5fce29f6738902026fa00141720989f26
3
+ metadata.gz: 5ac0f7a2ea49f20a6889427938cbbdfec5c68f33213bf461e9096dda03d18f2f
4
+ data.tar.gz: '094ff89059df6581f3bf43a62550faad4291838b9db527b2cbfeb7227d7919f8'
5
5
  SHA512:
6
- metadata.gz: a318aa5bbf6d9a960d65e2f32a6ea18053b07532c6a19e8ce4c36d3e92252e6383344238ec372e98d0c8da970a3af6015af67b169f244af81b80b431ca518450
7
- data.tar.gz: e098eea71ed734a3ad6664d293d476fcddad5a4c285542bf1dc634ef9833773c99b0a77637f5bcb9242e3e3d3ee9b3256b904c635e96c2806de936b230eba258
6
+ metadata.gz: efe6747a6ff8a9b413ac1598affa0c6ae7e1c5965953dfc4479e433d455e6676586cd73817f326bb8b29a711ae140514d7f64b1bd246b81f1785a70ca7d33dcf
7
+ data.tar.gz: f3114075b52fc612e9c0d7e79ccea0f04ffd72b11fae3bf125328bf46ed1bd915a27ebd28381767ee990966e00e0ceda66fd4eb55908c85caf6f81465f7d69e9
@@ -3,6 +3,9 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.4.1]
7
+ - improve cli help
8
+
6
9
  ## [0.4.0]
7
10
  - #1 summary command
8
11
 
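Review bot: The 0.4.1 entry lists only "improve cli help", but the same release also changes the message printed by `policy unforce_ssl` (the `puts` in S3Secure::Policy). Add a changelog line for the output change so anyone who matches on the CLI output can see it without reading the diff.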
data/README.md CHANGED
@@ -25,6 +25,100 @@ Summary of policy commands:
25
25
  s3-secure policy enforce_ssl BUCKET
26
26
  s3-secure policy unforce_ssl BUCKET
27
27
 
28
+ ## Examples with Output
29
+
30
+ Example of `s3-secure encryption enable`:
31
+
32
+ $ s3-secure encryption enable a-test-bucket-in-us-west-1
33
+ Encyption enabled on bucket a-test-bucket-in-us-west-1 with rules:
34
+ {:apply_server_side_encryption_by_default=>{:sse_algorithm=>"AES256"}}
35
+ $
36
+
37
+ Example of `s3-secure policy enforce_ssl`:
38
+
39
+ $ s3-secure policy enforce_ssl a-test-bucket-in-us-west-1
40
+ Add bucket policy to bucket a-test-bucket-in-us-west-1:
41
+ {
42
+ "Version": "2012-10-17",
43
+ "Statement": [
44
+ {
45
+ "Sid": "ForceSSLOnlyAccess",
46
+ "Effect": "Deny",
47
+ "Principal": "*",
48
+ "Action": "s3:GetObject",
49
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-west-1/*",
50
+ "Condition": {
51
+ "Bool": {
52
+ "aws:SecureTransport": "false"
53
+ }
54
+ }
55
+ }
56
+ ]
57
+ }
58
+ $
59
+
60
+ When removing ssl enforcement from the bucket policy, if there are other policy statements, those are left in tact. Example:
61
+
62
+ $ s3-secure policy show a-test-bucket-in-us-east-1
63
+ Bucket a-test-bucket-in-us-east-1 is configured with this policy:
64
+ {
65
+ "Version": "2012-10-17",
66
+ "Statement": [
67
+ {
68
+ "Sid": "IPAllow",
69
+ "Effect": "Deny",
70
+ "Principal": "*",
71
+ "Action": "s3:*",
72
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
73
+ "Condition": {
74
+ "NotIpAddress": {
75
+ "aws:SourceIp": "54.240.143.0/24"
76
+ }
77
+ }
78
+ },
79
+ {
80
+ "Sid": "ForceSSLOnlyAccess",
81
+ "Effect": "Deny",
82
+ "Principal": "*",
83
+ "Action": "s3:GetObject",
84
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
85
+ "Condition": {
86
+ "Bool": {
87
+ "aws:SecureTransport": "false"
88
+ }
89
+ }
90
+ }
91
+ ]
92
+ }
93
+ $ s3-secure policy unforce_ssl a-test-bucket-in-us-east-1
94
+ Remove bucket policy statement from bucket a-test-bucket-in-us-east-1:
95
+ {
96
+ "Version": "2012-10-17",
97
+ "Statement": [
98
+ {
99
+ "Sid": "IPAllow",
100
+ "Effect": "Deny",
101
+ "Principal": "*",
102
+ "Action": "s3:*",
103
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
104
+ "Condition": {
105
+ "NotIpAddress": {
106
+ "aws:SourceIp": "54.240.143.0/24"
107
+ }
108
+ }
109
+ }
110
+ ]
111
+ }
112
+ $
113
+
114
+ For more help:
115
+
116
+ s3-secure -h
117
+ s3-secure encryption -h
118
+ s3-secure encryption enable -h
119
+ s3-secure policy -h
120
+ s3-secure policy unforce_ssl -h
121
+
28
122
  ## Batch Commands
29
123
 
30
124
  There are some supported batch commands:
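Review bot: The ForceSSLOnlyAccess statement in the new "Examples with Output" section denies only "Action": "s3:GetObject" when aws:SecureTransport is "false", so the README should state that `enforce_ssl`, as shown, covers object reads and not other S3 actions made over plain HTTP. Without that sentence a reader will take the command name to mean all access to the bucket. Two wording fixes in the same hunk: "left in tact" should be "left intact", and "Encyption" in the sample output is misspelled; if that line mirrors the tool's real output, the message string in the source needs the same correction.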
@@ -0,0 +1,5 @@
1
+ ## Example
2
+
3
+ $ s3-secure encryption disable a-test-bucket-in-us-east-1
4
+ Bucket a-test-bucket-in-us-east-1 encryption has been removed
5
+ $
@@ -0,0 +1,6 @@
1
+ ## Example
2
+
3
+ $ s3-secure encryption enable a-test-bucket-in-us-east-1
4
+ Encyption enabled on bucket a-test-bucket-in-us-east-1 with rules:
5
+ {:apply_server_side_encryption_by_default=>{:sse_algorithm=>"AES256"}}
6
+ $
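Review bot: "Encyption" on line 4 of this new help file is misspelled and should read "Encryption". If the example was copied from real output, correct the message in the command's source as well so the help text and the output stay in step.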
@@ -0,0 +1,34 @@
1
+ ## Example
2
+
3
+ $ s3-secure policy enforce_ssl a-test-bucket-in-us-east-1
4
+ Add bucket policy to bucket a-test-bucket-in-us-east-1:
5
+ {
6
+ "Version": "2012-10-17",
7
+ "Statement": [
8
+ {
9
+ "Sid": "IPAllow",
10
+ "Effect": "Deny",
11
+ "Principal": "*",
12
+ "Action": "s3:*",
13
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
14
+ "Condition": {
15
+ "NotIpAddress": {
16
+ "aws:SourceIp": "54.240.143.0/24"
17
+ }
18
+ }
19
+ },
20
+ {
21
+ "Sid": "ForceSSLOnlyAccess",
22
+ "Effect": "Deny",
23
+ "Principal": "*",
24
+ "Action": "s3:GetObject",
25
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
26
+ "Condition": {
27
+ "Bool": {
28
+ "aws:SecureTransport": "false"
29
+ }
30
+ }
31
+ }
32
+ ]
33
+ }
34
+ $
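Review bot: The example output already contains an IPAllow statement beside ForceSSLOnlyAccess, but nothing in this help file says the bucket had a policy beforehand, so it reads as if `enforce_ssl` adds both statements. Add a sentence before the command saying that existing statements are kept and ForceSSLOnlyAccess is appended, or show `s3-secure policy show` first as the unforce_ssl help does. It is also worth stating here that the added statement denies only s3:GetObject for requests where aws:SecureTransport is "false".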
@@ -0,0 +1,61 @@
1
+ ## Example
2
+
3
+ If the policy only has the ForceSSLOnlyAccess statement, then the entire bucket policy is removed:
4
+
5
+ $ s3-secure policy unforce_ssl a-test-bucket-in-us-west-1
6
+ Remove bucket policy to bucket a-test-bucket-in-us-west-1:
7
+ $
8
+
9
+ If the policy has other statements, then only the ForceSSLOnlyAccess is removed any other policies are kept in tact.
10
+
11
+ $ s3-secure policy show a-test-bucket-in-us-east-1
12
+ Bucket a-test-bucket-in-us-east-1 is configured with this policy:
13
+ {
14
+ "Version": "2012-10-17",
15
+ "Statement": [
16
+ {
17
+ "Sid": "IPAllow",
18
+ "Effect": "Deny",
19
+ "Principal": "*",
20
+ "Action": "s3:*",
21
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
22
+ "Condition": {
23
+ "NotIpAddress": {
24
+ "aws:SourceIp": "54.240.143.0/24"
25
+ }
26
+ }
27
+ },
28
+ {
29
+ "Sid": "ForceSSLOnlyAccess",
30
+ "Effect": "Deny",
31
+ "Principal": "*",
32
+ "Action": "s3:GetObject",
33
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
34
+ "Condition": {
35
+ "Bool": {
36
+ "aws:SecureTransport": "false"
37
+ }
38
+ }
39
+ }
40
+ ]
41
+ }
42
+ $ s3-secure policy unforce_ssl a-test-bucket-in-us-east-1
43
+ Remove bucket policy statement from bucket a-test-bucket-in-us-east-1:
44
+ {
45
+ "Version": "2012-10-17",
46
+ "Statement": [
47
+ {
48
+ "Sid": "IPAllow",
49
+ "Effect": "Deny",
50
+ "Principal": "*",
51
+ "Action": "s3:*",
52
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
53
+ "Condition": {
54
+ "NotIpAddress": {
55
+ "aws:SourceIp": "54.240.143.0/24"
56
+ }
57
+ }
58
+ }
59
+ ]
60
+ }
61
+ $
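Review bot: The first example (line 6) still shows "Remove bucket policy to bucket a-test-bucket-in-us-west-1:", while the policy.rb change in this release rewrites that `puts` to "Remove bucket policy statement from bucket ...". From the visible context the `puts` sits after the `end` that follows `delete_bucket_policy`, so it appears to print in the whole-policy case too, which would make this sample output stale; regenerate it from the 0.4.1 binary. On line 9, "is removed any other policies are kept in tact" is a run-on with a typo; suggest "is removed; any other statements are kept intact."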
@@ -31,7 +31,7 @@ class S3Secure::Policy
31
31
  @s3.delete_bucket_policy(bucket: @bucket)
32
32
  end
33
33
 
34
- puts "Remove bucket policy to bucket #{@bucket}:"
34
+ puts "Remove bucket policy statement from bucket #{@bucket}:"
35
35
  puts policy_document if policy_document
36
36
  else
37
37
  puts "Bucket policy for #{@bucket} does not have ForceSSLOnlyAccess policy statement. Nothing to be done."
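Review bot: The new wording "Remove bucket policy statement from bucket" is printed from a `puts` placed after the `end` that closes the `delete_bucket_policy` branch, so it appears to be used both when one statement is removed and when the whole policy is deleted. In the delete case the message is inaccurate, and because of `puts policy_document if policy_document` it ends in a colon with nothing after it. Consider printing a separate message in the branch that calls `delete_bucket_policy`, stating that the entire bucket policy was removed, and keeping this one for the branch that writes back the remaining statements.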
@@ -1,3 +1,3 @@
1
1
  module S3Secure
2
- VERSION = "0.4.0"
2
+ VERSION = "0.4.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: s3-secure
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tung Nguyen
@@ -215,6 +215,10 @@ files:
215
215
  - lib/s3_secure/help.rb
216
216
  - lib/s3_secure/help/completion.md
217
217
  - lib/s3_secure/help/completion_script.md
218
+ - lib/s3_secure/help/encryption/disable.md
219
+ - lib/s3_secure/help/encryption/enable.md
220
+ - lib/s3_secure/help/policy/enforce_ssl.md
221
+ - lib/s3_secure/help/policy/unforce_ssl.md
218
222
  - lib/s3_secure/help/summary.md
219
223
  - lib/s3_secure/policy.rb
220
224
  - lib/s3_secure/policy/base.rb