Hello,

As a result of #5621, Serverless-created buckets include a bucket policy that is supposed to deny any s3:* Action over that bucket, unless it is performed over HTTPS.

Unfortunately that Bucket policy is incomplete and still allows listing the Bucket content over insecure HTTP connection, if the Principal has permissions to perform that action.

Incorrect (current) Bucket Policy:

Hi,

I wanted to enable binary support on API gateway, but could not find the way to do it via component's inputs.

Is this something that you would consider adding in the future?

If so, I can try to add this feature. It doesn't look too complicated.

Thanks!

Describe the bug

Hi there! 👋

I'm adding an origin of this form http://foo.s3-website-eu-west-1.amazonaws.com.

As other issues revealed those kind of origins are not an S3OriginConfig but a CustomOriginConfig.

So it might help to exclude these kind of origins, o

I'm submitting a...

[x ] Bug report  
[ ] Feature request
[ ] Documentation issue or request

In package

[ ] @ng-toolkit/init
[ ] @ng-toolkit/serverless
[x] @ng-toolkit/universal
[ ] @ng-toolkit/pwa
[ ] @ng-toolkit/f

Hi everyone,

I'm building Saas app model where each client should have their own API_KEY specified expiry dateTime as additional authorization method (AWS Cognito User Pool is used by default authorization).

I can see we have one field API_Key but have no idea how appsync works out on selecting specifically which API_KEY corresponding for each clients.

Another scenario using API_Key as

synk report issue

Description

We are synk (https://snyk.io/) for checking used packages.

Synk is complaining about a security issue for serverless-step-functions.
https://snyk.io/vuln/SNYK-JS-DOTPROP-543489

Additional Data

• Serverless Framework Core Version you're using: 1.64.1
• The Plugin Version you're using: 2.17.1
• Operating System: macOS Majove 10.14

This is a Bug Report

Description

custom:
  alerts:
    topics:
      alarm:
        topic: uclusion-summaries-${opt:stage, self:provider.stage}-alerts-alarm
        notifications:
          - protocol: email
            endpoint: [email protected]
    definitions:
      functionInvocations:
        evaluationPeriods: 60
        datapointsToAlarm: 10
    alarms:
      -