S3 buckets should require requests to use Secure Socket Layer

Last updated on Feb 17, 2024 1 min read

另一個在 AWS Security Hubs 遇到既建意係
S3 buckets should require requests to use Secure Socket Layer

主要係要用https 來 access 這個bucket

解決方法
我們只需要去IAM更新可以access 這個 Bucket 既policy
加入以下 condition 便可 "aws:SecureTransport": "true"

"Condition": {
				"Bool": {
					"aws:SecureTransport": "true"
				}
			}

E.g.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "bucket-access-policy-1",
			"Effect": "Allow",
			"Action": [
				"s3:PutObject",
				"s3:GetObject",
				"s3:GetObjectAttributes",
				"s3:DeleteObject"
			],
			"Resource": "arn:aws:s3:::[bucket-name]/*",
			"Condition": {
				"Bool": {
					"aws:SecureTransport": "true"
				}
			}
		}
	]
}

Hope you find it useful

S3 S3 Best practice AWS Security Hubs

S3 buckets should require requests to use Secure Socket Layer

Chi Yau

Software Engineer