Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(bootstrap): remove Security Hub finding S3.10 (#24175)
**NOTE**: This PR bumps the version of the bootstrap stack to `16`, but there is no need to update your bootstrap stacks, unless it is to get rid of the Security Hub finding; this change has no effect on the functionality of any CDK app deployed to the environment. [Security Hub Finding S3.10](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-s3-10) says: > S3 buckets with versioning enabled should have lifecycle policies configured Presumably so you're not unknowingly accumulating a bigger and bigger S3 bucket as you are overwriting existing files. CDK will never do that, as files are content-addressed and immutable, but Security Hub can't know that and so it complains. Add a lifecycle rule to the S3 bucket to get rid of the finding. Expiration time of non-current files is set to 1 year. This should give enough opportunity to diagnose potential issues and audit the any funkiness in the bucket if the assumption that files are never overwritten should ever be violated. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information