How to enforce SSL/TLS for S3 requests using AWS
Priyam Singh

Introduction
In addition to Server Side Encryption (SSE) for stored data, AWS S3 can require that data be sent over an encrypted transport layer, which protects it in transit. This is implemented via a bucket policy statement with "Effect": "Deny" and the boolean condition "aws:SecureTransport": "false". This effectively prevents the bucket's contents from being served over plaintext HTTP.
Steps to enforce SSL/TLS for S3 requests using UI
- Log in to your AWS account and navigate to the S3 dashboard
- In the left navigation panel, choose Buckets to access the list of S3 buckets
- Select the S3 bucket that you want to configure
- Click on the Permissions tab
- Click on the Edit button to edit the S3 bucket policy
- In the bucket policy editor, enter a bucket policy that is compliant with the SSL AWS Config rule

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {"AWS": ["<AWS_account_ID>"]},
          "Action": "s3:Get*",
          "Resource": "<bucket_ARN>/*"
        },
        {
          "Effect": "Deny",
          "Principal": "*",
          "Action": "*",
          "Resource": "<bucket_ARN>/*",
          "Condition": {"Bool": {"aws:SecureTransport": "false"}}
        }
      ]
    }

- Click on Save changes
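
To verify a saved policy offline, the following added example (not part of the original post) checks whether a bucket policy document contains an unconditional-for-everyone Deny on aws:SecureTransport = false, and reports object and bucket-level coverage separately. The bucket ARN and account ID are constructed placeholders, and the helper names (audit, tls_deny_resources) are hypothetical.

```python
import json

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _applies_to_everyone(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _only_insecure_transport(condition):
    # Condition entries are ANDed, so any extra operator or key narrows the Deny.
    if list(condition) != ["Bool"] or len(condition["Bool"]) != 1:
        return False
    (key, value), = condition["Bool"].items()
    values = [str(v).lower() for v in _as_list(value)]
    return key.lower() == "aws:securetransport" and values == ["false"]

def tls_deny_resources(policy):
    """Resource patterns of Deny statements that fire for any plaintext request."""
    covered = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if (stmt.get("Effect") == "Deny"
                and _applies_to_everyone(stmt.get("Principal"))
                and set(_as_list(stmt.get("Action", []))) & {"*", "s3:*"}
                and _only_insecure_transport(stmt.get("Condition", {}))):
            covered.update(_as_list(stmt.get("Resource", [])))
    return covered

def audit(policy, bucket_arn):
    # Conservative: only "*", the bucket ARN and "<bucket ARN>/*" count as covered.
    covered = tls_deny_resources(policy)
    return {"objects": bool(covered & {"*", bucket_arn + "/*"}),
            "bucket": bool(covered & {"*", bucket_arn})}

BUCKET = "arn:aws:s3:::example-bucket"  # constructed placeholder
# The page's policy with constructed values in place of its <...> placeholders.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"AWS": ["111122223333"]},
   "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Effect": "Deny", "Principal": "*", "Action": "*",
   "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
]}""")

if __name__ == "__main__":
    print(audit(PAGE_POLICY, BUCKET))
```

Run against the policy above, it reports object requests as covered and bucket-level requests (for example s3:ListBucket, which targets the bucket ARN itself) as not covered. Listing both <bucket_ARN> and <bucket_ARN>/* in the Deny statement's Resource extends the same condition to bucket-level requests.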