Description: 

Amazon Simple Storage Service (S3) is storage for the internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the simple and intuitive web interface of the AWS Management Console. This rule ensures that S3 bucket policies require encryption of data in transit.


Rationale: 

The S3 bucket policy should comply with the s3-bucket-ssl-requests-only rule, so that the bucket accepts SSL requests only.


Audit: 

To distinguish HTTP from HTTPS requests in a bucket policy, use a condition that checks the key "aws:SecureTransport". When this key is true, the request was sent through HTTPS. To comply with the s3-bucket-ssl-requests-only rule, create a bucket policy that explicitly denies access when the request meets the condition "aws:SecureTransport": "false". This policy explicitly denies access to HTTP requests.


Remediation:

Perform the following to make the S3 bucket comply with the s3-bucket-ssl-requests-only rule:

  1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.
  2. In the Bucket name list, choose the name of the bucket that you want to create a bucket policy for or whose bucket policy you want to edit.
  3. Choose Permissions, and then choose Bucket Policy.
  4. In the Bucket policy editor text box, type or copy and paste a new bucket policy, or edit an existing policy. The bucket policy is a JSON file. The text you type in the editor must be valid JSON.
  5. Choose Save.


Default Value: 

By default, Amazon S3 allows both HTTP and HTTPS requests. To comply with the s3-bucket-ssl-requests-only rule, confirm that your bucket policies explicitly deny access to HTTP requests. Bucket policies that allow HTTPS requests without explicitly denying HTTP requests might not comply with the rule.
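
The audit check and the default-value caveat above, as an added example (not part of the original rule text, and not AWS's own evaluation logic): a Python function that tests a bucket policy document for an explicit Deny on "aws:SecureTransport": "false". The bucket name, account ID and both sample policies are constructed, and requiring s3:* on both the bucket and object ARNs is an assumption about what full coverage means.

```python
import json

def _as_list(value):
    # Policy JSON allows a single value or a list in most fields.
    return value if isinstance(value, list) else [value]

def denies_plain_http(stmt, bucket):
    """True if stmt denies every S3 action on the bucket and its objects
    for all principals when aws:SecureTransport is false."""
    if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
        return False
    # Assumption: full coverage means s3:* (or *) on bucket and object ARNs.
    if not {"s3:*", "*"} & set(_as_list(stmt.get("Action", []))):
        return False
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    if not wanted <= set(_as_list(stmt.get("Resource", []))):
        return False
    # Condition key names are not case-sensitive; the value may be a string or a boolean.
    bool_block = {k.lower(): v for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
    values = _as_list(bool_block.get("aws:securetransport", []))
    return bool(values) and all(str(v).lower() == "false" for v in values)

def ssl_requests_only(policy_json, bucket):
    """Audit one bucket policy document (a JSON string) for the explicit Deny."""
    policy = json.loads(policy_json)
    return any(denies_plain_http(s, bucket) for s in _as_list(policy.get("Statement", [])))

BUCKET = "example-bucket"  # constructed name
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
# Constructed sample: explicit Deny for requests that did not use HTTPS.
COMPLIANT = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*", "Resource": ARNS,
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
# Constructed sample: allows HTTPS requests but never denies HTTP ones.
ALLOW_HTTPS_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowOverTls", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject", "Resource": ARNS[1],
    "Condition": {"Bool": {"aws:SecureTransport": "true"}}}]})

if __name__ == "__main__":
    for name, doc in (("COMPLIANT", COMPLIANT), ("ALLOW_HTTPS_ONLY", ALLOW_HTTPS_ONLY)):
        print(name, "->", "pass" if ssl_requests_only(doc, BUCKET) else "FAIL")
```

The second sample fails the check because an Allow conditioned on HTTPS leaves any other Allow statement free to grant access over HTTP.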


References: 

  1. https://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-bucket-policy.html
  2. https://docs.aws.amazon.com/s3/index.html