2 Answers
2
Hello.
I think you can limit access to only HTTPS by setting the bucket policy described in the document below.
https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
{
    "Id": "ExamplePolicy",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSSLRequestsOnly",
            "Action": "s3:*",
            "Effect": "Deny",
            "Resource": [
                "arn:aws:s3:::DOC-EXAMPLE-BUCKET",
                "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            },
            "Principal": "*"
        }
    ]
}
You can check the settings by running the following commands.
You can confirm that if you explicitly send a request via HTTP with "--endpoint-url", it will be rejected.
# Success
aws s3 ls s3://s3-bucket-name/ --endpoint-url https://s3.ap-northeast-1.amazonaws.com
# Fail
aws s3 ls s3://s3-bucket-name/ --endpoint-url http://s3.ap-northeast-1.amazonaws.com
1
It looks like you have followed this, but missed a couple of wildcards: https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
Your "Action": "s3:", entry should be "Action": "s3:*",
Similarly "arn:aws:s3:::DOC-EXAMPLE-BUCKET/" needs to be "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
(I think it's the first one that is more important)
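To see why both wildcards matter, here is an added example (not from either answer or from AWS) that evaluates the deny statement offline the way IAM would: it takes the policy from the first answer, derives the broken variant described in the second answer, and checks which requests each one actually denies. The `denies_insecure_request` and `lint_ssl_only_statement` helpers and the `key.txt` object name are constructed for illustration; the matcher only implements `*`/`?` wildcards and `Bool` conditions, which is all this policy uses.

```python
import copy
import fnmatch
import json

# The AllowSSLRequestsOnly policy as quoted in the first answer (constructed copy)
CORRECT_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowSSLRequestsOnly", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET",
                 "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}
  }]
}""")

# Constructed variant with the two missing wildcards the second answer points out
BROKEN_POLICY = copy.deepcopy(CORRECT_POLICY)
BROKEN_POLICY["Statement"][0]["Action"] = "s3:"
BROKEN_POLICY["Statement"][0]["Resource"][1] = "arn:aws:s3:::DOC-EXAMPLE-BUCKET/"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _iam_match(pattern, value):
    # IAM Action/Resource wildcards: '*' is any run of characters, '?' one character.
    return fnmatch.fnmatchcase(value, pattern)

def denies_insecure_request(policy, action, resource, secure_transport):
    """True if a Deny statement matches this action, resource and transport context."""
    ctx = {"aws:SecureTransport": "true" if secure_transport else "false"}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        if not any(_iam_match(p, action) for p in _as_list(stmt["Action"])):
            continue  # e.g. a bare "s3:" never matches "s3:GetObject"
        if not any(_iam_match(p, resource) for p in _as_list(stmt["Resource"])):
            continue  # "…/" without "*" only matches that literal ARN
        bool_conds = stmt.get("Condition", {}).get("Bool", {})
        if all(ctx.get(k) == str(v).lower() for k, v in bool_conds.items()):
            return True
    return False

def lint_ssl_only_statement(policy):
    """Report the wildcard mistakes that make the HTTPS-only deny ineffective."""
    problems = []
    for stmt in policy["Statement"]:
        if stmt.get("Sid") != "AllowSSLRequestsOnly":
            continue
        if "s3:*" not in _as_list(stmt["Action"]):
            problems.append("Action should be s3:* (a bare s3: matches no API call)")
        if not any(r.endswith("/*") for r in _as_list(stmt["Resource"])):
            problems.append("Resource needs the bucket ARN followed by /* for objects")
    return problems
```

With the correct policy an HTTP GetObject or ListBucket is denied and the HTTPS version is not; with the broken policy nothing is denied, which is why the CLI test from the first answer would still succeed over plain HTTP.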