
Commit

Fix Principal value in verification bucket policy.
The Principal listed in a bucket policy needs to follow the correct
syntax or it will be rejected as a bad bucket policy.

configure_aws_verification_bucket is used to set the policy for the
user verification bucket.  I have no idea how I committed this with a
broken policy but it seems like this never worked to begin with :)

There shouldn't be any security implications to allowing any principal
to access the bucket.  We're verifying on the server side that the
appropriate parameters are included in the URL, which implies that the
requester is actually logged in to an AWS user account.
Benjamin Moody committed Jul 24, 2024
1 parent f74b2dc commit 4d8b29e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion physionet-django/user/awsverification.py
Expand Up @@ -273,7 +273,7 @@ def configure_aws_verification_bucket(bucket_name):

# This must match the set of allowed principals
# (see parse_aws_user_arn above).
principal = "arn:aws:iam::*:user/*"
principal = "*"

# This must match the required verification key
# (see get_aws_verification_key above).
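
Review bot: The context comment directly above the changed line still reads "This must match the set of allowed principals (see parse_aws_user_arn above)", which no longer holds once `principal` is `"*"`; it should be rewritten to say that the policy deliberately admits any principal and that the restriction is enforced elsewhere. In an S3 bucket policy a `"*"` principal also covers anonymous, unsigned requests, so this comment is the right place to record the reasoning given in the commit message (the server checks the parameters in the URL) and to point at the verification-key requirement referenced just below, since that requirement and the server-side check are the only remaining controls visible from this hunk. A test asserting that the generated policy is well-formed and accepted would also guard against the situation the message describes, where the policy "never worked to begin with".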
