AWS Config Rule: S3 Bucket SSL Requests Only

Description: Checks if Amazon S3 buckets have policies that require requests to use Secure Socket Layer (SSL). The rule is COMPLIANT if buckets explicitly deny access to HTTP requests. The rule is NON_COMPLIANT if bucket policies allow HTTP requests.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) Region

To resolve this manually, you will need to create a bucket policy which explicitly blocks http requests, and attach it to the S3 Bucket in question. An example of what the bucket policy might be can be found below. The important condition which you will need to pay attention to is the condition "aws:SecureTransport": "false"

You can resolve this with StackZone, which will be able to automatically create an Amazon S3 Bucket Policy which explicitly denies HTTP requests. This is then applied automatically to all S3 resources which are found to be NON_COMPLIANT with the AWS Config Rule.

To enable this within your own StackZone, head on over to Baseline Services -> Config Rules Regional -> Amazon S3 and enable S3 Bucket SSL Requests Only Remediation.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here