Amazon_S3_7

Ensure S3 buckets enforce encryption in transit for write actions

Description

Data in transit is data being accessed over the network, and therefore could be intercepted by someone else on the network or with access to the physical media the network uses. On an Ethernet network, that could be someone with the ability to tap a cable, configure a switch to mirror traffic, or fool your client or a router into directing traffic to them before it moves on to the final destination. Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it.

Remediation

Perform the following to ensure all objects placed in S3 are encrypted in transit and at rest:

Create a new file, add the following to it, and save it as policy.json:

{
  "Version": "2012-10-17",
  "Id": "PutObjPolicy",
  "Statement": {
    "Sid": "DenyUnEncryptedObjectUploads",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::<
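The policy fragment above is cut off before its Resource and Condition, and the action it names is s3:GetObject, which is a read. Enforcing the rule for write actions means a Deny on the write actions (s3:PutObject and related) conditioned on the request not using TLS, which S3 exposes through the aws:SecureTransport condition key. The following is an added example, not code from the original page: it builds such a policy for a bucket and also checks an existing policy document for a universal non-TLS Deny that covers a given write action. The bucket name, the constructed READ_ONLY_DENY sample, and the function names are assumptions for illustration.

```python
import fnmatch
import json

# Constructed bucket name for the example; substitute your own.
EXAMPLE_BUCKET = "example-bucket"

# Object-level write actions the Deny covers (assumption: extend as needed).
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject")


def make_secure_write_policy(bucket_name):
    """Return a bucket policy that denies object writes made without TLS.

    S3 sets aws:SecureTransport to "false" on requests that did not use
    HTTPS, so this Deny applies to every principal, the bucket owner included.
    """
    return {
        "Version": "2012-10-17",
        "Id": "PutObjPolicy",
        "Statement": [
            {
                "Sid": "DenyInsecureWrites",
                "Effect": "Deny",
                "Principal": "*",
                "Action": list(WRITE_ACTIONS),
                "Resource": f"arn:aws:s3:::{bucket_name}/*",
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            }
        ],
    }


def _as_list(value):
    """IAM allows a string or a list in most positions; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    # Both "*" and {"AWS": "*"} mean "any principal".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _denies_non_tls(statement):
    values = _as_list(statement.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport"))
    return any(str(v).lower() == "false" for v in values)


def _action_covered(statement, action):
    # Action patterns are case-insensitive and may contain wildcards (s3:Put*, s3:*, *).
    if "NotAction" in statement:
        return not any(fnmatch.fnmatch(action.lower(), p.lower()) for p in _as_list(statement["NotAction"]))
    return any(fnmatch.fnmatch(action.lower(), p.lower()) for p in _as_list(statement.get("Action")))


def writes_require_tls(policy, bucket_name, action="s3:PutObject"):
    """True if the policy has a Deny for `action` on the bucket's objects,
    for every principal, whenever the request is not made over TLS."""
    probe_arn = f"arn:aws:s3:::{bucket_name}/probe-object"
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Deny" or not _principal_is_everyone(st.get("Principal")):
            continue
        if not _denies_non_tls(st):
            continue
        if not any(fnmatch.fnmatch(probe_arn, r) for r in _as_list(st.get("Resource"))):
            continue
        if _action_covered(st, action):
            return True
    return False


# Constructed policy in the shape of the fragment above: the Deny targets
# s3:GetObject and carries no transport condition, so it does not enforce the rule.
READ_ONLY_DENY = {
    "Version": "2012-10-17",
    "Id": "PutObjPolicy",
    "Statement": {
        "Sid": "DenyUnEncryptedObjectUploads",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{EXAMPLE_BUCKET}/*",
    },
}

if __name__ == "__main__":
    policy = make_secure_write_policy(EXAMPLE_BUCKET)
    print(json.dumps(policy, indent=2))  # this is the content to save as policy.json
    print("compliant:", writes_require_tls(policy, EXAMPLE_BUCKET))
    print("fragment compliant:", writes_require_tls(READ_ONLY_DENY, EXAMPLE_BUCKET))
```

Save the printed document as policy.json and attach it with `aws s3api put-bucket-policy --bucket <bucket_name> --policy file://policy.json`. The checker deliberately looks only for a Deny that applies to every principal; an Allow that merely omits non-TLS callers does not stop a principal granted access elsewhere from writing over plain HTTP. Encryption at rest, which the remediation text also mentions, is a separate condition on the s3:x-amz-server-side-encryption key; note that S3 now applies SSE-S3 by default, so a policy requiring that header still rejects uploads that omit it even though the stored object would have been encrypted.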

Service

S3

Severity

Medium

Compliance

Mapping
