Towards the end of the video tutorial, Ryan mentioned an alternate method to limit access only to HTTPS traffic – set ‘aws:SecureTransport’ to true. In that case, would the bucket policy look something like this (ignore the syntax):
Resource: bucket ARN
There shouldn’t be a need for any ‘deny’ conditions in this case since it would deny ‘https’ access as well (deny overrides allow). Is my understanding correct?
I think in Ryan’s policy document – the "true" part is just to read or get the object first and THEN evaluate the boolean to decide to allow or disallow.
I think in short – rather than attaching two policies for the bucket (one for reading/listing, which is a prerequisite for the evaluation, and a second one for the secure transport logic) – the trainer chose to show both of them in the same policy!
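
An added example, not from the course or from the posters above: a simplified Python model of how statements combine (an explicit Deny wins, otherwise any matching Allow, otherwise implicit deny), showing how an Allow conditioned on `aws:SecureTransport` being true and a Deny conditioned on it being false behave for HTTP and HTTPS requests. The bucket ARN, object key and the caller's identity policy are constructed, and the model assumes a same-account caller and ignores principals.

```python
# Simplified model of policy evaluation (added example, not AWS code).
# Handles only Effect, Action, Resource and a Bool condition on
# aws:SecureTransport; wildcards are supported only as a trailing "*".
BUCKET = "arn:aws:s3:::example-bucket"  # constructed placeholder ARN

ALLOW_IF_TLS = {"Effect": "Allow", "Action": "s3:GetObject",
                "Resource": BUCKET + "/*",
                "Condition": {"Bool": {"aws:SecureTransport": "true"}}}
DENY_IF_NOT_TLS = {"Effect": "Deny", "Action": "s3:*",
                   "Resource": BUCKET + "/*",
                   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
# Hypothetical identity policy on the caller, with no transport condition.
IDENTITY_ALLOW = {"Effect": "Allow", "Action": "s3:GetObject",
                  "Resource": BUCKET + "/*"}


def _glob(pattern, value):
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def matches(stmt, request):
    """A statement applies only if action, resource and every condition match."""
    if not _glob(stmt["Action"], request["action"]):
        return False
    if not _glob(stmt["Resource"], request["resource"]):
        return False
    for key, want in stmt.get("Condition", {}).get("Bool", {}).items():
        have = "true" if request["context"].get(key) else "false"
        if have != want:
            return False  # condition not met: statement is skipped entirely
    return True


def evaluate(statements, request):
    """Explicit Deny beats Allow; no matching statement means implicit deny."""
    effects = [s["Effect"] for s in statements if matches(s, request)]
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"


def get_object(tls):
    # Constructed request: tls=True models HTTPS, tls=False models plain HTTP.
    return {"action": "s3:GetObject", "resource": BUCKET + "/report.csv",
            "context": {"aws:SecureTransport": tls}}
```

In this model the conditional Allow alone leaves HTTP implicitly denied, but any other unconditioned Allow re-opens it; the conditional Deny blocks HTTP regardless and never matches an HTTPS request.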