From 7da06f4b9f2507f39768ea38c9bf92c6bae783ab Mon Sep 17 00:00:00 2001
From: Philip Ellis
Date: Fri, 6 Sep 2024 17:17:51 -0400
Subject: [PATCH] allow public access added to s3 template
---
 template.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/template.yaml b/template.yaml
index ff059e974b1..a73720d3f2e 100644
--- a/template.yaml
+++ b/template.yaml
@@ -136,6 +136,11 @@ Resources:
 WebsiteConfiguration:
 IndexDocument: index.html
 ErrorDocument: 404.html
+ PublicAccessBlockConfiguration:
+ BlockPublicAcls: false
+ BlockPublicPolicy: false
+ IgnorePublicAcls: false
+ RestrictPublicBuckets: false
 DeveloperSailpointWebSiteBucketPolicy:
 Type: "AWS::S3::BucketPolicy"
 Properties:
@@ -153,6 +158,12 @@ Resources:
 Condition:
 StringEquals:
 "AWS:SourceArn": !Join [ "", [ "arn:aws:cloudfront::", !Ref "AWS::AccountId", ":distribution/", !Ref DeveloperSailpointCloudFrontDistribution ] ]
+ - Sid: "PublicReadGetObject"
+ Effect: "Allow"
+ Principal: "*"
+ Action:
+ - "s3:GetObject"
+ Resource: !Join [ "", [ "arn:aws:s3:::", !Ref DeveloperSailpointWebSiteBucket, "/*" ] ]
 # CloudFront Distribution for hosting the single page app website
 DeveloperSailpointCloudFrontDistribution:
 Type: "AWS::CloudFront::Distribution"
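Review bot: All four Block Public Access flags are switched off in the added `PublicAccessBlockConfiguration`, which is wider than the public bucket policy added in this commit needs. A policy with `Principal: "*"` is only rejected or neutralised by `BlockPublicPolicy` and `RestrictPublicBuckets`. The two ACL settings can stay on as `BlockPublicAcls: true` and `IgnorePublicAcls: true`, so a public ACL set on an uploaded object has no effect. A one-line comment above the property stating why this bucket must be publicly readable would make the exception auditable. The bucket resource starts above this hunk, so any ownership or ACL properties it already sets are not visible here.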
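Review bot: The new `PublicReadGetObject` statement grants `s3:GetObject` to `Principal: "*"` with no `Condition`, so the statement just above it, scoped by `AWS:SourceArn` to the CloudFront distribution, no longer limits who can read the bucket. Every object under `/*` becomes fetchable directly from S3, outside whatever TLS policy, WAF rules or access logging the distribution applies. If public read is needed only because the distribution uses the S3 website endpoint as its origin (presumably the case given `WebsiteConfiguration`, but not visible in this hunk), record that in a comment on the statement, e.g. `# public read required by the S3 website endpoint origin; bucket must hold published site files only`. Otherwise drop the statement and keep the CloudFront-only grant. The policy's `Statement` list begins outside this hunk.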