From 49d286bd1867a64b1e524350d8126c5700a224b2 Mon Sep 17 00:00:00 2001
From: Joni Harker <joni.harker@sagebase.org>
Date: Wed, 19 Nov 2025 11:56:21 -0800
Subject: [PATCH] [IT-4073] Require HTTPS for scipool bucket access

Update bucket policy to deny access to requests that do not use HTTPS.

Promotion to production after testing.
---
 sceptre/scipool/config/prod/cfn-cr-sc-bucket-policy.yaml    | 2 +-
 sceptre/scipool/config/strides/cfn-cr-sc-bucket-policy.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sceptre/scipool/config/prod/cfn-cr-sc-bucket-policy.yaml b/sceptre/scipool/config/prod/cfn-cr-sc-bucket-policy.yaml
index 9faa9cc2..2971b380 100644
--- a/sceptre/scipool/config/prod/cfn-cr-sc-bucket-policy.yaml
+++ b/sceptre/scipool/config/prod/cfn-cr-sc-bucket-policy.yaml
@@ -1,6 +1,6 @@
 template:
   type: http
-  url: https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com/cfn-cr-sc-bucket-policy/1.0.6/cfn-cr-sc-bucket-policy.yaml
+  url: https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com/cfn-cr-sc-bucket-policy/1.0.7/cfn-cr-sc-bucket-policy.yaml
 stack_name: cfn-cr-sc-bucket-policy
 stack_tags:
   OwnerEmail: "it@sagebase.org"
diff --git a/sceptre/scipool/config/strides/cfn-cr-sc-bucket-policy.yaml b/sceptre/scipool/config/strides/cfn-cr-sc-bucket-policy.yaml
index 9faa9cc2..2971b380 100644
--- a/sceptre/scipool/config/strides/cfn-cr-sc-bucket-policy.yaml
+++ b/sceptre/scipool/config/strides/cfn-cr-sc-bucket-policy.yaml
@@ -1,6 +1,6 @@
 template:
   type: http
-  url: https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com/cfn-cr-sc-bucket-policy/1.0.6/cfn-cr-sc-bucket-policy.yaml
+  url: https://{{stack_group_config.admincentral_cf_bucket}}.s3.amazonaws.com/cfn-cr-sc-bucket-policy/1.0.7/cfn-cr-sc-bucket-policy.yaml
 stack_name: cfn-cr-sc-bucket-policy
 stack_tags:
   OwnerEmail: "it@sagebase.org"