En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

How to update my S3 object to TLS 1.2 or higher

0

I am currently using AWS CLI with php to save images inside a s3 bucket. I received an email from amazon telling me to update my TLS version.

I have no idea what to do. Is it something that I have to do regarding my s3 buckets information? What are the steps to update the TLS version?

Or maybe it is something regarding my php code?

Thank you and please help!

Sujets
StockageGestion et gouvernanceInternet des objets (IoT)
Balises
Simple service de stockage AmazonInterface à ligne de commande AWSSécurité de la couche de transport (TLS)
Langue
English
Franco Maldonado
demandé il y a un an4054 vues
3 réponses
1

Amazon S3 now support TLS 1.2. You can enforce using a recent TLS version(TLS 1.2 or higher) when the viewer access content that’s stored in your S3 buckets by using a resource-based policy attached to your bucket. Please review the article below to follow the steps to update the policy attached to the S3 Bucket-https://repost.aws/knowledge-center/s3-enforce-modern-tls

AWS
Nirali Deliwala
répondu il y a un an
profile picture
EXPERT
Antonio_Lagrotteria
vérifié il y a un an
0

Hello,

Few options:

  1. Enforce the bucket policy to use tls1.2 as Nirali highlighted above. This will prevent the workload to access S3 but will ensure S3 accepts TLS 1.2 minimum.
  2. You should upgrade your environment and its dependencies (the OS, the AWS CLI, the PHP version if required) to ensure they support TLS 1.2. It seems you are calling the CLI from PHP though wanted to highlight we also have a SDK for PHP. See guidance on how to upgrade the AWS SDK for PHP: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#http-handler
  3. For CLI guidance, you can refer to this documentation on how to enforce TLS 1.2, see https://docs.aws.amazon.com/cli/latest/userguide/cli-security-enforcing-tls.html.

Hope it helps, Jon

profile pictureAWS
EXPERT
Jonathan_D
répondu il y a un an
0

You can enforce using TLS 1.2 or higher for all connections to your S3 buckets by using a resource-based policy attached to your bucket.

To set a bucket policy that requires TLS versions 1.2 or higher:

Go to the S3 console. Select the bucket from the list. Navigate to the Permissions tab. Under Bucket Policy, select Edit. Add a policy to deny access to the encryption protocols that you want to prevent. For example, use the following policy to deny all HTTPS requests that use TLS versions lower than 1.2:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "EnforceTLSv12orHigher", "Principal": { "AWS": "" }, "Action": ["s3:"], "Effect": "Deny", "Resource": [ "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*", "arn:aws:s3:::DOC-EXAMPLE-BUCKET" ], "Condition": { "NumericLessThan": { "s3:TlsVersion": 1.2 } } } ] }

Confirm that you are using modern encryption protocols for S3 To test your new policy, use the following example curl command to make HTTPS requests using a specific legacy protocol: curl https://${BUCKET_NAME}.s3.us-east-1.amazonaws.com/image.png -v --tlsv1.0 --tls-max 1.0

The example curl command returns Access Denied as Amazon S3 detects your request is not using TLS 1.2 or higher.

AWS
Hemant Chugh
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents