I would like to be able to specify my own policy for the S3 bucket, rather than having to use the policy that is specified; particularly, I would like to be able to specify that there is a deny for all files unless the scan-status is CLEAN. This requires the lambda to have run and actively tagged it. As it sits, there is a possibility that the lambda has not run, and an infected file could be read. Rather than change the existing behavior.
This would require an additional optional property
Do you have an example of a Bucket policy that can deny access to everything but the scanning lambda if untagged? I don't think allowing users to specify the bucket policy is a great idea since there are various components of this construct that depend upon the specifics of the policy
I think (to be proved) that I should be able to create a policy that does that. While I agree with the sentiment about users creating policy that could break something, it's on their head if they do.
At line 581 of index.ts, we can use a nullish coalescer to either use the default policy or the supplied one.
I can provide a PR for this.
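A sketch of the kind of statement asked about in the thread, added here as an example; it is not code from the issue or from the construct. It builds a Deny on `s3:GetObject` that applies unless the object carries `scan-status=CLEAN`, exempts the scanning role, and checks the result with a simplified model of how IAM evaluates that single statement. The bucket name, role ARNs, `denyUnlessClean` and `isDenied` are assumptions.

```typescript
// Added example: names, ARNs and the evaluator are assumptions, not the construct's code.
type Condition = Record<string, Record<string, string>>;
interface Statement {
  Sid: string; Effect: "Deny"; Principal: string;
  Action: string; Resource: string; Condition: Condition;
}
interface ReadRequest { principalArn: string; tags: Record<string, string>; }

const TAG_KEY = "s3:ExistingObjectTag/scan-status";

// Deny reads unless the object is tagged scan-status=CLEAN.
// The scanner role is exempted so it can still fetch untagged uploads.
function denyUnlessClean(bucketArn: string, scannerRoleArn: string): Statement {
  return {
    Sid: "DenyReadUnlessClean",
    Effect: "Deny",
    Principal: "*",
    Action: "s3:GetObject",
    Resource: `${bucketArn}/*`,
    Condition: {
      StringNotEquals: { [TAG_KEY]: "CLEAN" },
      ArnNotEquals: { "aws:PrincipalArn": scannerRoleArn },
    },
  };
}

// Simplified model of one Deny statement: every condition operator must be true.
// Both operators here are negated, and a negated operator is also true when its
// key is absent from the request, so an object with no scan-status tag is denied.
function isDenied(stmt: Statement, req: ReadRequest): boolean {
  const context: Record<string, string | undefined> = {
    [TAG_KEY]: req.tags["scan-status"],
    "aws:PrincipalArn": req.principalArn,
  };
  for (const op of Object.keys(stmt.Condition)) {
    for (const key of Object.keys(stmt.Condition[op])) {
      if (context[key] === stmt.Condition[op][key]) return false;
    }
  }
  return true;
}

// Constructed placeholder identifiers.
const SCANNER = "arn:aws:iam::111122223333:role/example-scan-role";
const READER = "arn:aws:iam::111122223333:role/example-app-role";
const policy = denyUnlessClean("arn:aws:s3:::example-upload-bucket", SCANNER);

console.log(JSON.stringify({ Version: "2012-10-17", Statement: [policy] }, null, 2));
```

Because the statement is an explicit Deny, it overrides any Allow granted elsewhere, so every principal that must read objects before tagging has to be listed in the exemption.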