1 Answer
No, HTTP is still a supported protocol for S3, see: Amazon Simple Storage Service endpoints and quotas.
But you can disable the HTTP protocol using a condition in your IAM policies. Example:
{
  "Id": "ExamplePolicy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSSLRequestsOnly",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET",
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      },
      "Principal": "*"
    }
  ]
}
Thanks for the information. I received a notification on my AWS Health Dashboard "Security tls deprecation notification". I am going through the AWS S3 bucket access logs and cannot find any that aren't "-" or "tls1.2". Under Affected Resources there is just 1 listed. Does that mean only one bucket is affected or there has only been one request to that one bucket that would be affected?

"Affected Resource" would refer to the bucket. Not sure how many requests to that bucket that involves.

Thanks again - is there an easy way to see the number of non tls 1.2 or http requests made without going through every object in the s3 logs bucket and checking?

I would use Athena to query these logs. https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html

Thanks again, I really appreciate it. Unfortunately, every step I take I hit another roadblock. I'm getting the slow down error https://repost.aws/questions/QU2JCqkDnLStC-HowHqYN6xA/athena-query-error. Is there any way to pass in a date range for creation of the S3 objects to be searched? Or another way to "stagger" the search. I got around 1/12 of the way through the data searched before it errored out.
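
The tally asked about in the comments, as an added example that is not part of the original thread: it reads S3 server access log records, takes the TLS version field (the 24th field, "-" when the request used plain HTTP), and counts requests per version inside an optional date window so the logs can be processed in slices. It assumes the log objects have been downloaded and are in the standard server access log format; the sample records, IP addresses and dates are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# One token per field: [bracketed time], "quoted string", or a bare word.
TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')
TIME_IDX, IP_IDX, TLS_IDX = 2, 3, 23  # 0-based field positions in a log record
MODERN = {"TLSv1.2", "TLSv1.3"}

def tally_tls(lines, start=None, end=None):
    """Return (requests per TLS version, legacy/HTTP requests per client IP).

    A TLS field of "-" means the request did not use TLS (plain HTTP).
    start/end are optional timezone-aware datetimes for the window [start, end).
    """
    versions, legacy_clients = Counter(), Counter()
    for line in lines:
        fields = TOKEN.findall(line)
        if len(fields) <= TLS_IDX:  # truncated or older record without the field
            versions["unknown"] += 1
            continue
        when = datetime.strptime(fields[TIME_IDX], "[%d/%b/%Y:%H:%M:%S %z]")
        if (start and when < start) or (end and when >= end):
            continue
        tls = fields[TLS_IDX]
        versions[tls] += 1
        if tls not in MODERN:
            legacy_clients[fields[IP_IDX]] += 1
    return versions, legacy_clients

def _record(when, ip, tls):
    """Build a constructed log record; every value here is made up for the example."""
    cipher = "-" if tls == "-" else "ECDHE-RSA-AES128-GCM-SHA256"
    return (f'OWNERID DOC-EXAMPLE-BUCKET [{when} +0000] {ip} - REQID '
            f'REST.GET.OBJECT key.txt "GET /key.txt HTTP/1.1" 200 - 512 512 10 9 '
            f'"-" "example-agent/1.0 (constructed)" - HOSTID SigV4 {cipher} '
            f'AuthHeader DOC-EXAMPLE-BUCKET.s3.amazonaws.com {tls} - -')

SAMPLE = [
    _record("06/Feb/2024:00:00:38", "192.0.2.10", "TLSv1.2"),
    _record("06/Feb/2024:09:14:02", "198.51.100.7", "TLSv1.1"),
    _record("07/Feb/2024:11:30:00", "198.51.100.7", "-"),
    _record("08/Feb/2024:16:45:10", "192.0.2.10", "TLSv1.3"),
]

if __name__ == "__main__":
    day = (datetime(2024, 2, 7, tzinfo=timezone.utc), datetime(2024, 2, 8, tzinfo=timezone.utc))
    print(tally_tls(SAMPLE))        # whole sample
    print(tally_tls(SAMPLE, *day))  # one-day slice
```

The per-IP counter identifies which clients still need upgrading before a Deny on aws:SecureTransport starts rejecting their requests.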