How to update my S3 object to TLS 1.2 or higher

0

I am currently using the AWS CLI with PHP to save images inside an S3 bucket. I received an email from Amazon telling me to update my TLS version.

I have no idea what to do. Is it something that I have to do regarding my S3 bucket's information? What are the steps to update the TLS version?

Or maybe it is something regarding my PHP code?

Thank you and please help!

3 Answers
1

Amazon S3 now supports TLS 1.2. You can enforce using a recent TLS version (TLS 1.2 or higher) when the viewer accesses content that’s stored in your S3 buckets by using a resource-based policy attached to your bucket. Please review the article below to follow the steps to update the policy attached to the S3 bucket: https://repost.aws/knowledge-center/s3-enforce-modern-tls

AWS
answered a year ago
Expert
reviewed a year ago
0

Hello,

A few options:

  1. Enforce the bucket policy to use TLS 1.2 as Nirali highlighted above. This will prevent the workload from accessing S3 but will ensure S3 accepts TLS 1.2 minimum.
  2. You should upgrade your environment and its dependencies (the OS, the AWS CLI, the PHP version if required) to ensure they support TLS 1.2. It seems you are calling the CLI from PHP, though I wanted to highlight that we also have an SDK for PHP. See guidance on how to upgrade the AWS SDK for PHP: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#http-handler
  3. For CLI guidance, you can refer to this documentation on how to enforce TLS 1.2: https://docs.aws.amazon.com/cli/latest/userguide/cli-security-enforcing-tls.html

Hope it helps, Jon

AWS
Expert
answered a year ago
0

You can enforce using TLS 1.2 or higher for all connections to your S3 buckets by using a resource-based policy attached to your bucket.

To set a bucket policy that requires TLS versions 1.2 or higher:

  1. Go to the S3 console.
  2. Select the bucket from the list.
  3. Navigate to the Permissions tab.
  4. Under Bucket Policy, select Edit.
  5. Add a policy to deny access to the encryption protocols that you want to prevent.

For example, use the following policy to deny all HTTPS requests that use TLS versions lower than 1.2:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceTLSv12orHigher",
      "Principal": {
        "AWS": "*"
      },
      "Action": ["s3:*"],
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
        "arn:aws:s3:::DOC-EXAMPLE-BUCKET"
      ],
      "Condition": {
        "NumericLessThan": {
          "s3:TlsVersion": 1.2
        }
      }
    }
  ]
}
```

Confirm that you are using modern encryption protocols for S3

To test your new policy, use the following example curl command to make HTTPS requests using a specific legacy protocol:

```
curl https://${BUCKET_NAME}.s3.us-east-1.amazonaws.com/image.png -v --tlsv1.0 --tls-max 1.0
```

The example curl command returns Access Denied as Amazon S3 detects your request is not using TLS 1.2 or higher.

AWS
answered a year ago
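
Added example, not part of the answers above and not AWS code: a small Python check that a bucket policy document really contains the TLS deny from the last answer, so a policy that drifted (narrower action, missing bucket ARN, lower threshold) is caught before it is applied. The function names are hypothetical, and the check assumes resources are listed as exact ARNs (it does not expand wildcards such as `arn:aws:s3:::*`).

```python
TLS_KEY = "s3:tlsversion"  # IAM condition key names are case-insensitive

# Policy from the answer above (DOC-EXAMPLE-BUCKET is the page's placeholder).
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnforceTLSv12orHigher",
        "Principal": {"AWS": "*"},
        "Action": ["s3:*"],
        "Effect": "Deny",
        "Resource": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
                     "arn:aws:s3:::DOC-EXAMPLE-BUCKET"],
        "Condition": {"NumericLessThan": {"s3:TlsVersion": 1.2}},
    }],
}

def _as_list(value):
    # IAM accepts a single value wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def _is_everyone(principal):
    # Matches "*" and {"AWS": "*"} (string or list form).
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _tls_floor(condition):
    # Threshold of NumericLessThan on s3:TlsVersion, or None if absent.
    for key, value in condition.get("NumericLessThan", {}).items():
        if key.lower() == TLS_KEY:
            return float(_as_list(value)[0])
    return None

def audit_tls_policy(policy, bucket, minimum=1.2):
    """Hypothetical helper: findings for the first TLS deny; [] means complete."""
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(policy.get("Statement", [])):
        floor = _tls_floor(stmt.get("Condition", {}))
        if stmt.get("Effect") != "Deny" or floor is None:
            continue
        sid, findings = stmt.get("Sid", "<no Sid>"), []
        if floor < minimum:
            findings.append(f"{sid}: denies only below TLS {floor}")
        if not _is_everyone(stmt.get("Principal")):
            findings.append(f"{sid}: Principal does not cover everyone")
        if "s3:*" not in _as_list(stmt.get("Action", [])):
            findings.append(f"{sid}: Action is not s3:*")
        missing = wanted - set(_as_list(stmt.get("Resource", [])))  # exact ARNs only
        return findings + [f"{sid}: Resource lacks {a}" for a in sorted(missing)]
    return ["no Deny statement with NumericLessThan on s3:TlsVersion"]
```

Run `audit_tls_policy(policy, "your-bucket-name")` on the parsed policy JSON before saving it in the console; an empty list means the deny covers every principal, every S3 action, and both the bucket and its objects.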
