AWS S3, apart from providing Server Side Encryption (SSE) for data at rest, can also require that data be sent over an encrypted transport layer so that it is protected in transit. This is implemented with a bucket policy statement whose "Effect" is "Deny" and whose condition is the boolean "aws:SecureTransport": "false". Such a statement rejects any request for the bucket's contents that arrives over plaintext HTTP, so the objects can only be served over HTTPS.
Log in to your AWS account and navigate to the S3 dashboard
In the left navigation panel, choose Buckets to open the list of S3 buckets
Select the S3 bucket that you want to configure
Click on the Permissions tab
Click on the Edit button to edit the S3 bucket policy
In the bucket policy editor, enter a bucket policy that is compliant with the SSL AWS Config rule, for example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": ["<AWS_account_ID>"] },
      "Action": "s3:Get*",
      "Resource": "<bucket_ARN>/*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "*",
      "Resource": "<bucket_ARN>/*",
      "Condition": { "Bool": { "aws:SecureTransport": "false" } }
    }
  ]
}
Click on Save changes
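The following script is an added example and is not part of the original page or of any AWS tooling. It parses a bucket policy offline and reports whether it contains a Deny statement that enforces aws:SecureTransport, distinguishing coverage of the objects (<bucket_ARN>/*) from coverage of the bucket ARN itself, which bucket-level calls such as ListBucket are evaluated against. The sample policy is the one from the steps above with constructed placeholder values; the bucket ARN, the account ID, the Sid "AllowSSLRequestsOnly" and the function names are assumptions made for this example.

```python
import json

# Constructed sample values standing in for <bucket_ARN> and <AWS_account_ID>;
# these are not real identifiers.
BUCKET_ARN = "arn:aws:s3:::example-bucket"
ACCOUNT_ID = "123456789012"

# The policy from the steps above, with the placeholders filled in.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": [ACCOUNT_ID]},
            "Action": "s3:Get*",
            "Resource": BUCKET_ARN + "/*",
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "*",
            "Resource": BUCKET_ARN + "/*",
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _as_list(value):
    """Action, Resource and Statement may be a single string/object or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_ssl_deny(stmt):
    """True if the statement denies all principals when the request is not TLS."""
    if stmt.get("Effect") != "Deny":
        return False
    principal = stmt.get("Principal")
    if principal != "*" and principal != {"AWS": "*"}:
        return False
    cond = stmt.get("Condition", {}).get("Bool", {})
    # The condition value may be the string "false" or a JSON boolean.
    if str(cond.get("aws:SecureTransport", "")).lower() != "false":
        return False
    return any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action")))


def check_ssl_requests_only(policy_json, bucket_arn):
    """Report which resources of the bucket a TLS-only Deny statement covers.

    'objects' is True when <bucket_arn>/* is covered, 'bucket' when the bucket
    ARN itself is covered (needed for bucket-level operations such as
    ListBucket). 'compliant' requires both.
    """
    policy = json.loads(policy_json)
    covers_objects = covers_bucket = False
    for stmt in _as_list(policy.get("Statement")):
        if not _is_ssl_deny(stmt):
            continue
        resources = _as_list(stmt.get("Resource"))
        if "*" in resources or bucket_arn + "/*" in resources:
            covers_objects = True
        if "*" in resources or bucket_arn in resources:
            covers_bucket = True
    return {
        "objects": covers_objects,
        "bucket": covers_bucket,
        "compliant": covers_objects and covers_bucket,
    }


def add_ssl_deny(policy_json, bucket_arn):
    """Return the policy with a Deny statement covering both bucket and objects."""
    policy = json.loads(policy_json)
    statements = _as_list(policy.get("Statement"))
    statements.append({
        "Sid": "AllowSSLRequestsOnly",  # example Sid chosen for this script
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [bucket_arn, bucket_arn + "/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    })
    policy["Statement"] = statements
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print("original:", check_ssl_requests_only(SAMPLE_POLICY, BUCKET_ARN))
    hardened = add_ssl_deny(SAMPLE_POLICY, BUCKET_ARN)
    print("hardened:", check_ssl_requests_only(hardened, BUCKET_ARN))
    print(hardened)
```

Run against the sample, the checker reports objects covered but not the bucket, because the Deny statement names only <bucket_ARN>/*; requests such as ListBucket over plain HTTP are therefore not rejected by that statement. Listing both <bucket_ARN> and <bucket_ARN>/* in the Deny statement's Resource, as add_ssl_deny does, closes that gap. To audit a live bucket, feed the output of get-bucket-policy from the AWS CLI (which returns the policy document as a string) to check_ssl_requests_only.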