I wanted to secure an S3 bucket so that connections to it could only be made over SSL. Now I have "secure_transport_enabled": false.

Where can I set this option? Maybe in the ACL? What if I have ACLs disabled on the bucket?

1 Answer

You can enable an S3 bucket policy and deny all requests made if SSL is not used. Here is the bucket policy you could use:

{
  "Id": "EnforceSSLPolicy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInsecureRequests",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::BUCKET-NAME",
        "arn:aws:s3:::BUCKET-NAME/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      },
      "Principal": "*"
    }
  ]
}
brushtakopo
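
To check that a bucket policy really has the effect described in the answer above, the following added example (not part of the original answer) parses a policy document and reports whether it denies every non-TLS request to both the bucket and its objects. The function name `enforces_tls`, the bucket name `example-bucket` and the three sample policies are constructed for illustration; resource matching is an exact ARN comparison, so wildcard resource patterns are conservatively reported as not covering the bucket.

```python
import json

def _as_list(v):
    return v if isinstance(v, list) else [v]

def enforces_tls(policy_json, bucket):
    """Return (ok, reason): does the policy deny all non-TLS access to the bucket?"""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    reason = "no Deny statement conditioned on aws:SecureTransport=false"
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        cond = st.get("Condition", {}).get("Bool", {})
        # Condition key names are case-insensitive; the value may be "false" or false.
        vals = [v for k, v in cond.items() if k.lower() == "aws:securetransport"]
        if st.get("Effect") != "Deny" or not vals:
            continue  # an Allow on TLS traffic does not block plain HTTP
        if any(str(x).lower() != "false" for x in _as_list(vals[0])):
            continue
        missing = needed - set(_as_list(st.get("Resource", [])))
        if st.get("Principal") not in ("*", {"AWS": "*"}):
            reason = "deny does not apply to every principal"
        elif not {"s3:*", "*"} & set(_as_list(st.get("Action", []))):
            reason = "deny does not cover all S3 actions"
        elif missing:
            reason = "deny does not cover " + ", ".join(sorted(missing))
        else:
            return True, "all plain-HTTP requests are denied"
    return False, reason

def _policy(effect, value, resources):
    """Build a constructed one-statement sample policy."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": "s3:*",
        "Resource": resources,
        "Condition": {"Bool": {"aws:SecureTransport": value}}}]})

BUCKET = "example-bucket"  # constructed name, not from the page
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
GOOD = _policy("Deny", "false", ARNS)        # same shape as the answer's policy
ALLOW_ONLY = _policy("Allow", "true", ARNS)  # allows TLS but denies nothing
NO_OBJECTS = _policy("Deny", "false", ARNS[:1])  # object ARN missing

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("allow-only", ALLOW_ONLY),
                      ("no-objects", NO_OBJECTS)]:
        print(name, enforces_tls(doc, BUCKET))
```

The `ALLOW_ONLY` case fails because an Allow statement for TLS requests leaves plain-HTTP requests permitted by any other policy untouched; only an explicit Deny overrides them.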