Does the TLS 1.2 requirement also retire http requests

I am looking into a notification that we are accessing our S3 bucket via a non support TLS version, however, going through all the access logs, the only non TLS1.2 requests are - as they are plain http requests.

Is the TLS 1.2 requirement also deprecating http requests?

Themen

Speicher Internet der Dinge (IoT)

Tags

Amazon Simple Storage Service Sicherheit der Transportschicht (TLS)

Sprache

English

AWS-User-8443772

gefragt vor 9 Monaten230 Aufrufe

1 Antwort

Neueste
Die meisten Stimmen
Die meisten Kommentare

Sind diese Antworten hilfreich? Stimmen Sie der richtigen Antwort zu, damit die Community von Ihrem Wissen profitieren kann.

No, HTTP is still a supported protocol for S3, see: Amazon Simple Storage Service endpoints and quotas.

But you can disable the HTTP protocol using a condition in your IAM policies. Example:

{
  "Id": "ExamplePolicy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSSLRequestsOnly",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET",
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      },
      "Principal": "*"
    }
  ]
}

EXPERTE

kentrad

beantwortet vor 9 Monaten

AWS-User-8443772
vor 9 Monaten
Thanks for the information. I received a notification on my AWS Health Dashboard "Security tls deprecation notification". I am going through the AWS S3 bucket access logs and cannot find any that aren't - or tls1.2. Under Affected Resources there is just 1 listed. Does that mean only one bucket is affected or there has only been one request to that one bucket that would be affected?
kentrad EXPERTE
vor 9 Monaten
"Affected Resource" would refer to the bucket. Not sure how many requests to that bucket that involves.
AWS-User-8443772
vor 9 Monaten
Thanks again - is there an easy way to see the number of non tls 1.2 or http requests made without going through every object in the s3 logs bucket and checking?
kentrad EXPERTE
vor 9 Monaten
I would use Athena to query these logs. https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html
AWS-User-8443772
vor 9 Monaten
Thanks again, I really appreciate it. Unfortunately, every step I take I hit another roadblock. I'm getting the slow down error https://repost.aws/questions/QU2JCqkDnLStC-HowHqYN6xA/athena-query-error. Is there any way to pass in a date range for creation of the S3 objects to be searched? Or another way to "stagger" the search. I got around 1/12 of the way through the data searched before it errored out.

Relevanter Inhalt

Wie behebe ich den Fehler „403 ERROR - The request could not be satisfied. Bad Request“ in CloudFront?
AWS OFFICIALAktualisiert vor einem Jahr
Wie kann ich TLS 1.0 oder TLS 1.1 in meiner Lightsail-Instance ausschalten?
AWS OFFICIALAktualisiert vor einem Jahr
Wie erzwinge ich die Verwendung von TLS 1.2 oder höher für meine Amazon-S3-Buckets?
AWS OFFICIALAktualisiert vor 9 Monaten
Warum erhalte ich die Fehlermeldung „The request contained an unsupported argument.“, wenn ich der ACL meines Amazon S3-Buckets ein Konto hinzufüge?
AWS OFFICIALAktualisiert vor 2 Jahren