S3 buckets should require requests to use Secure Socket Layer

2023-06-12 · 1 min read

另一個在 AWS Security Hubs 遇到既建意係
S3 buckets should require requests to use Secure Socket Layer

S3 buckets should require requests to use Secure Socket Layer
S3 buckets should require requests to use Secure Socket Layer

主要係要用https 來 access 這個bucket

解決方法
我們只需要去IAM更新可以access 這個 Bucketpolicy
加入以下 condition 便可 "aws:SecureTransport": "true"

"Condition": {
				"Bool": {
					"aws:SecureTransport": "true"
				}
			}

E.g.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "bucket-access-policy-1",
			"Effect": "Allow",
			"Action": [
				"s3:PutObject",
				"s3:GetObject",
				"s3:GetObjectAttributes",
				"s3:DeleteObject"
			],
			"Resource": "arn:aws:s3:::[bucket-name]/*",
			"Condition": {
				"Bool": {
					"aws:SecureTransport": "true"
				}
			}
		}
	]
}

Hope you find it useful

S3 S3 Best Practice AWS Security Hubs
Chi Yau
Authors
Chi Yau
App Dev