
ACG_Student
Just a couple FYIs:
1) The title should be enforcing TLS, to avoid a false sense of security. Alternatively, it could be named "Forcing Encryption in transit Using S3". In my mind, enforcing S3 would be more like enforcing SSE-S3, SSE-KMS with its different variants, Client-Side-Encryption, and so on.
2) Since the object has already been made public, an allow in the bucket policy is not really needed. This policy would also work:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::Some_s3_bucket/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
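
An added example, not part of the comment above and not AWS code: a small offline checker that reports which object-level actions a bucket policy denies over plain HTTP, run on the policy from the comment. The function names and the `example-key` object are hypothetical, and wildcard matching uses Python's `fnmatch` as an approximation of IAM's `*`/`?` matching.

```python
import json
from fnmatch import fnmatchcase

# The policy from the comment above, embedded as sample input.
COMMENT_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicReadGetObject", "Effect": "Deny", "Principal": "*",
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::Some_s3_bucket/*",
  "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
""")

def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def _is_plain_http_deny(stmt):
    """True for a Deny on every principal whose only condition is
    aws:SecureTransport == false (extra conditions would narrow the Deny)."""
    if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
        return False
    cond = stmt.get("Condition", {})
    if list(cond) != ["Bool"] or len(cond["Bool"]) != 1:
        return False
    (key, val), = cond["Bool"].items()
    return key.lower() == "aws:securetransport" and str(val).lower() == "false"

def denies_http(policy, action, resource):
    """Does some statement deny `action` on `resource` when the request is not TLS?
    Statements using NotAction/NotResource are skipped (not modelled here)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if not _is_plain_http_deny(stmt) or "Action" not in stmt or "Resource" not in stmt:
            continue
        act_ok = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
        res_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if act_ok and res_ok:
            return True
    return False

def audit(policy, bucket, actions=("s3:GetObject", "s3:PutObject", "s3:DeleteObject")):
    """Map each object-level action to whether plain-HTTP use of it is denied."""
    obj = f"arn:aws:s3:::{bucket}/example-key"  # constructed sample object ARN
    return {a: denies_http(policy, a, obj) for a in actions}

if __name__ == "__main__":
    for action, covered in audit(COMMENT_POLICY, "Some_s3_bucket").items():
        print(f"{action:16} HTTP denied: {covered}")
```

On the comment's policy only `s3:GetObject` is reported as denied over HTTP, because that is the only action the statement names.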