We're updating the issue view to help you get more done. 

PCI: ensure integrity in S3

Description

Cloudflare currently connects to S3 using http instead of https.

Options for correcting this include:

  1. Switching to CloudFront, or

  2. Connecting to a router within the VPC using https, and using a special VPC connection to S3.

 

Original Note from

For old ecommerce, we currently ensure integrity by using AMIs which proved AWS guarantee of integrity once the artifact is built.

I don't know how we do that for MFEs to make sure that no one has tampered with the files but we might be able to rely on S3's internal integrity checks once we've uploaded the file.

Aside: Adding audit logging to the bucket could be a useful enhancement, but doesn’t resolve this requirement if it is.

 

Status

Epic Link

Story Points

None

Assignee

Gabe Mulley

Reporter

Robert Raposa

Labels

None

Sprint