Certified Security - Specialty


Forcing Encryption Using S3 – Couple of notes

Just a couple FYIs:

1) The title should be enforcing TLS, to avoid a false sense of security. Alternatively, it could be named "Forcing Encryption in transit Using S3". In my mind, enforcing S3 would be more like enforcing SSE-S3, SSE-KMS with its different variants, Client-Side Encryption, and so on.

2) Since the object has already been made public, an allow in the bucket policy is not really needed. This policy would also work:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PublicReadGetObject",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::Some_s3_bucket/*",
                "Condition": {
                    "Bool": {
                        "aws:SecureTransport": "false"
                    }
                }
            }
        ]
    }

0 Answers
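
The evaluation logic behind point 2 above, as an added example that is not part of the original post: a simplified model of how an anonymous request is decided when the object ACL grants public read and the bucket policy carries only the Deny on aws:SecureTransport. The `evaluate` function and its `acl_public_read` parameter are hypothetical names, and only the `Bool` condition operator and `Principal` "*" are modelled.

```python
import json
from fnmatch import fnmatchcase

# The policy from the post, with its placeholder bucket name.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "PublicReadGetObject",
   "Effect": "Deny",
   "Principal": "*",
   "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::Some_s3_bucket/*",
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}
""")

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(stmt, action, resource, context):
    """True if a statement applies to this request (Principal "*" only)."""
    if stmt.get("Principal") != "*":
        return False
    if not any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    # Only the Bool operator is modelled; every listed key must match.
    for key, want in stmt.get("Condition", {}).get("Bool", {}).items():
        if str(context.get(key, "")).lower() != str(want).lower():
            return False
    return True

def evaluate(policy, action, resource, secure_transport, acl_public_read=False):
    """Simplified decision for an anonymous request: explicit Deny wins."""
    context = {"aws:SecureTransport": "true" if secure_transport else "false"}
    hits = [s["Effect"] for s in policy["Statement"]
            if _matches(s, action, resource, context)]
    if "Deny" in hits:
        return "Deny"            # overrides the ACL grant and any Allow
    if "Allow" in hits or (acl_public_read and action.lower() == "s3:getobject"):
        return "Allow"
    return "Deny"                # implicit deny: nothing granted access
```

With the public-read ACL in place, the HTTP request is denied by the policy and the HTTPS request is allowed by the ACL alone; without the ACL, the HTTPS request falls through to the implicit deny.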
