1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
You need to use Athena and not cloudwatch to query the S3 access logs and identify the TLS Version. The instructions can be found here https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html
You can search for all requests for "tlsversion" < '1.2'
. You can review and then if needed, enforce TLS 1.2 or above using an S3 Bucket Policy
As Such
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EnforceTLSv12orHigher",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:*"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::DOC_EXAMPLE_BUCKET/*",
"arn:aws:s3:::DOC_EXAMPLE_BUCKET"
],
"Condition": {
"NumericLessThan": {
"s3:TlsVersion": 1.2
}
}
}
]
}
Contenus pertinents
- demandé il y a 4 mois
- demandé il y a un an
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
- Comment puis-je appliquer le protocole TLS version 1.2 ou ultérieure à mes compartiments Amazon S3 ?AWS OFFICIELA mis à jour il y a 9 mois