Amazon_S3_39

Ensure S3 Bucket Policy is set to deny HTTP requests

Description

If an S3 bucket or its objects need to be public for any reason, ensure that the bucket enforces encryption of data in transit using Secure Sockets Layer (SSL).

Remediation

From Portal:
1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
2. In the Buckets list, choose the name of the bucket that you want to create a bucket policy for or whose bucket policy you want to edit.
3. Choose Permissions.
4. Under Bucket policy, choose Edit. This opens the Edit bucket policy page.
5. On the Edit bucket policy page, explore Policy examples in the Amazon S3 User Guide, choose Policy generator to generate a policy automatically, or edit the JSON in the Policy section.
Here, add a policy statement that denies any request with aws:SecureTransport set to false.
6. In the Policy box, edit the existing policy or paste the bucket policy from the Policy generator. Make sure to resolve security warnings, errors, general warnings, and suggestions before you save your policy.
7. Choose Save changes, which returns you to the Bucket Permissions page.
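
A policy statement of the kind step 5 calls for, together with a check that a bucket policy actually contains it. This is an added example, not part of the original control text or the vendor's own check. The bucket name example-bucket, the Sid and the function names are assumptions, and the check is deliberately conservative: it accepts only a single Deny statement that covers both the bucket and its objects.

```python
import json

# Constructed sample; "example-bucket" is a placeholder bucket name.
COMPLIANT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})

def _as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _matches_insecure_transport(condition):
    """True only if the sole condition is Bool aws:SecureTransport = false."""
    if list(condition) != ["Bool"] or len(condition["Bool"]) != 1:
        return False  # extra operators or keys would narrow the Deny
    (key, value), = condition["Bool"].items()
    values = [str(v).lower() for v in _as_list(value)]
    return key.lower() == "aws:securetransport" and values == ["false"]

def denies_http(policy_json, bucket):
    """Return True if one Deny statement blocks every non-TLS request
    to the bucket and to all of its objects."""
    if not policy_json:          # bucket has no policy at all
        return False
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and actions & {"s3:*", "*"}
                and _matches_insecure_transport(stmt.get("Condition", {}))
                and needed <= set(_as_list(stmt.get("Resource", [])))):
            return True
    return False

if __name__ == "__main__":
    print(denies_http(COMPLIANT_POLICY, "example-bucket"))
```

An Allow statement conditioned on aws:SecureTransport being true does not pass this check, because it does not deny HTTP requests that other statements or ACLs permit.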

Service

S3

Severity

High

Compliance

Mapping
