Update secure_s3_construct.py (#9)

ran-isenberg · Jul 1, 2024 · 96f48d7 · 96f48d7
1 parent d4e345e
commit 96f48d7
Showing 1 changed file with 3 additions and 5 deletions.
diff --git a/cdk/blueprint/secure_s3_construct.py b/cdk/blueprint/secure_s3_construct.py
@@ -17,12 +17,11 @@ def _create_log_bucket(self, is_production_env: bool) -> s3.Bucket:
         log_bucket = s3.Bucket(
             self,
             constants.ACCESS_LOG_BUCKET_NAME,
-            versioned=True,
+            versioned=True if is_production_env else False,
             encryption=s3.BucketEncryption.S3_MANAGED,
             block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
             removal_policy=RemovalPolicy.DESTROY if not is_production_env else RemovalPolicy.RETAIN,
             enforce_ssl=True,
-            public_read_access=False,
             auto_delete_objects=True if not is_production_env else False,
         )
         CfnOutput(self, 'LogBucketName', value=log_bucket.bucket_name).override_logical_id('LogBucketName')
@@ -33,14 +32,13 @@ def _create_bucket(self, server_access_logs_bucket: s3.Bucket, is_production_env
         bucket = s3.Bucket(
             self,
             constants.BUCKET_NAME,
-            versioned=True,
+            versioned=True if is_production_env else False,
             encryption=s3.BucketEncryption.S3_MANAGED,
             block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
             removal_policy=RemovalPolicy.DESTROY if not is_production_env else RemovalPolicy.RETAIN,
             enforce_ssl=True,
             auto_delete_objects=True if not is_production_env else False,
-            public_read_access=False,
-            object_lock_enabled=True,
+            object_lock_enabled=True if is_production_env else False,
             server_access_logs_bucket=server_access_logs_bucket,
         )