Why is it not enough just to put allow GetObject and condition aws:SecureTransport:True?

Question

For this policy why is necessary use both statements

jmcgettigan Answered 10 months ago · Answer 1 · 2021-03-20 17:04:27

jmcgettigan

Answered 10 months ago

Yes you think it could be done in one section, but its similar to firewall rule hierarchy. First rule allows public reads and second rule denies if HTTPS is false.

Ppatino Answered 8 months ago · Answer 2 · 2021-05-18 02:53:26

Ppatino

Answered 8 months ago

This worked in my testing.

    "Version": "2012-10-17",

    "Statement": [

            "Sid": "PublicReadGetObject",

            "Effect": "Allow",

            "Principal": {

                "AWS": "*"

},

            "Action": "s3:GetObject",

            "Resource": "arn:aws:s3:::yourbucketnamehere/*",

            "Condition": {

                "Bool": {

                    "aws:SecureTransport": "true"

Why is it not enough just to put allow GetObject and condition aws:SecureTransport:True?

2 Answers

Newsletter