1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
You need to use Athena and not cloudwatch to query the S3 access logs and identify the TLS Version. The instructions can be found here https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html
You can search for all requests for "tlsversion" < '1.2'
. You can review and then if needed, enforce TLS 1.2 or above using an S3 Bucket Policy
As Such
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EnforceTLSv12orHigher",
"Principal": {
"AWS": "*"
},
"Action": [
"s3:*"
],
"Effect": "Deny",
"Resource": [
"arn:aws:s3:::DOC_EXAMPLE_BUCKET/*",
"arn:aws:s3:::DOC_EXAMPLE_BUCKET"
],
"Condition": {
"NumericLessThan": {
"s3:TlsVersion": 1.2
}
}
}
]
}
관련 콘텐츠
- 질문됨 8달 전
- AWS 공식업데이트됨 9달 전
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 일 년 전