
Commit f6e071c

authored
feat: Deny HTTP on Karpenter SQS policy (#3080)
1 parent 7cd3be3 commit f6e071c


1 file changed

+21
-0
lines changed

1 file changed

+21
-0
lines changed

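--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -464,6 +464,27 @@ data "aws_iam_policy_document" "queue" {
 ]
 }
 }
+statement {
+sid = "DenyHTTP"
+effect = "Deny"
+actions = [
+"sqs:*"
+]
+resources = [aws_sqs_queue.this[0].arn]
+condition {
+test = "StringEquals"
+variable = "aws:SecureTransport"
+values = [
+"false"
+]
+}
+principals {
+type = "*"
+identifiers = [
+"*"
+]
+}
+}
 }
 
 resource "aws_sqs_queue_policy" "this" {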
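Review bot: The new `DenyHTTP` statement tests `aws:SecureTransport` with `test = "StringEquals"`, but that condition key is a Boolean key and the documented AWS pattern for enforcing TLS on a queue is `test = "Bool"`; the string form does evaluate correctly for the literal `"false"`, so this is a point of style rather than a defect, but `Bool` makes the intent explicit and matches the reference policy, so I would change `test = "StringEquals"` to `test = "Bool"`. A short comment on the statement would help the next reader, e.g. `# Deny every SQS action on this queue when the request is not made over TLS (aws:SecureTransport = false).`. Because the Deny applies to `Principal: "*"`, it also covers the account's own principals and any existing Allow statements elsewhere in the document, so any consumer that still reaches the queue over plain HTTP will be cut off once this is applied; that is the intended effect, but it is worth calling out in the module's changelog or docs. The enclosing `data "aws_iam_policy_document" "queue"` block starts before the hunk, and `aws_sqs_queue.this[0]` suggests the queue is count-gated, so I assume the data source is gated the same way — worth confirming.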
