mikesouza/serverless-deployment-bucket

blockPublicAccess does not work for some regions

Opened this issue · 0 comments

I have an app that is deployed to all AWS regions. This is my serverless.yml (simplified)

```yaml
provider:
  name: aws
  stage: ${opt:stage, "dev"}
  runtime: nodejs12.x
  stackName: ${self:serviceName}-${self:provider.stage}
  memorySize: 128
  mainRegion: ${opt:main-region, env:AWS_MAIN_REGION}
  accountId: ${opt:aws-account-id, env:AWS_ACCOUNT_ID}
  deploymentBucket:
    name: my-company-deployment-${aws:region}
    maxPreviousDeploymentArtifacts: 5
    blockPublicAccess: true
    serverSideEncryption: AES256
plugins:
  - serverless-deployment-bucket
custom:
  deploymentBucket:
    versioning: false
    accelerate: true
    blockPublicAccess: true
```

Previously I didn't include `custom.deploymentBucket.blockPublicAccess`. After I added it & deployed my service to all regions, I saw that almost all deployment buckets (1 per region) were updated to "Bucket and objects not public". However, the following regions did not update the deployment buckets to "Access: Bucket and object not public":

af-south-1
ap-east-1
ap-northeast-3
ap-southeast-3
eu-north-1
eu-south-1
me-south-1

I've re-run the deployment multiple times and repeated the same procedure in a separate staging and prod account, and the result was the same -> these regions did not update. I had to do it manually via the AWS CLI.

I've double-checked my config and app code, but I couldn't find anything particular about the problematic regions.
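
A post-deploy check for the situation reported above, added here as an example (it is not part of the original issue or of the plugin's code): it reads each regional deployment bucket's Block Public Access configuration and reports the regions where any of the four flags is not enabled. The function names and the sample responses are assumptions made for illustration; the bucket prefix is taken from the `serverless.yml` above, and the live lookup uses boto3's `get_public_access_block`.

```python
import json

# The four S3 Block Public Access settings; all must be true for a fully blocked bucket.
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def missing_flags(config):
    """Return the flags that are not enabled.
    `config` is a PublicAccessBlockConfiguration dict, or None if the bucket has none."""
    config = config or {}
    return [flag for flag in FLAGS if config.get(flag) is not True]

def fetch_with_boto3(bucket, region):
    """Read the bucket's configuration from S3 (needs boto3 and AWS credentials)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3", region_name=region)
    try:
        return s3.get_public_access_block(Bucket=bucket)["PublicAccessBlockConfiguration"]
    except ClientError as err:
        # A bucket that never had the setting applied returns this error code.
        if err.response["Error"]["Code"] == "NoSuchPublicAccessBlockConfiguration":
            return None
        raise

def audit(regions, fetch=fetch_with_boto3, prefix="my-company-deployment-"):
    """Map each region whose deployment bucket is not fully blocked to its missing flags."""
    findings = {}
    for region in regions:
        missing = missing_flags(fetch(prefix + region, region))
        if missing:
            findings[region] = missing
    return findings

# Constructed sample responses for an offline run (not real AWS output).
SAMPLE = {
    "us-east-1": {flag: True for flag in FLAGS},
    "eu-north-1": None,  # no public access block configuration at all
    "af-south-1": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                   "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
}

def sample_fetch(bucket, region):
    """Stand-in for fetch_with_boto3 that serves the constructed responses."""
    return SAMPLE[region]

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE, fetch=sample_fetch), indent=2))
```

Calling `audit([...])` with a list of real region names and the default `fetch` runs the same check against the live buckets; a non-empty result can fail the deployment pipeline.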