Description:
At the Amazon S3 bucket level, you can configure permissions through a bucket policy so that objects are accessible only through HTTPS.
Rationale:
By default, Amazon S3 allows both HTTP and HTTPS requests. To allow access to Amazon S3 objects only through HTTPS, you must also explicitly deny HTTP requests. Bucket policies that allow HTTPS requests without explicitly denying HTTP requests do not comply with this recommendation.
From Console:
{
  "Sid": "<optional>",
  "Effect": "Deny",
  "Principal": "*",
  "Action": "s3:*",
  "Resource": "arn:aws:s3:::<bucket_name>/*",
  "Condition": {
    "Bool": {
      "aws:SecureTransport": "false"
    }
  }
}
From Console using AWS Policy Generator:
From Command Line:
aws s3api get-bucket-policy --bucket <bucket_name> --query Policy --output text > policy.json
{
  "Sid": "<optional>",
  "Effect": "Deny",
  "Principal": "*",
  "Action": "s3:*",
  "Resource": "arn:aws:s3:::<bucket_name>/*",
  "Condition": {
    "Bool": {
      "aws:SecureTransport": "false"
    }
  }
}
aws s3api put-bucket-policy --bucket <bucket_name> --policy file://policy.json
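The following check is an added example, not part of the original recommendation text. It tests whether a saved policy document, such as policy.json, contains an explicit Deny on aws:SecureTransport "false", and it shows why an allow-HTTPS-only policy fails. The bucket name, the function names and the requirement that the Deny cover "s3:*" are assumptions of this example.

```python
import json

BUCKET = "example-bucket"  # constructed bucket name, not from the page


def _as_list(value):
    """Policy JSON allows a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _denies_plain_http(stmt):
    """True for a Deny on every principal when aws:SecureTransport is false."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    if stmt.get("Effect") != "Deny" or _as_list(principal) != ["*"]:
        return False
    bool_cond = stmt.get("Condition", {}).get("Bool", {})
    # Condition key names are not case-sensitive, so compare in lower case.
    return any(key.lower() == "aws:securetransport"
               and [str(v).lower() for v in _as_list(val)] == ["false"]
               for key, val in bool_cond.items())


def enforces_https(policy_text, bucket):
    """True if one statement denies plain-HTTP access to all objects in bucket."""
    wanted = f"arn:aws:s3:::{bucket}/*"
    for stmt in _as_list(json.loads(policy_text).get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if (_denies_plain_http(stmt)
                and ("s3:*" in actions or "*" in actions)  # assumption: all S3 actions
                and wanted in _as_list(stmt.get("Resource", []))):
            return True
    return False


def _policy(effect, secure):
    """Build a constructed sample policy for the demonstration below."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": "s3:*",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
        "Condition": {"Bool": {"aws:SecureTransport": secure}}}]})


ALLOW_HTTPS_ONLY = _policy("Allow", "true")   # allows HTTPS, never denies HTTP
DENY_HTTP = _policy("Deny", "false")          # explicit deny, as recommended

if __name__ == "__main__":
    print("allow-only:", enforces_https(ALLOW_HTTPS_ONLY, BUCKET))
    print("deny-http: ", enforces_https(DENY_HTTP, BUCKET))
```

To audit a real bucket, pass the contents of the downloaded policy.json and the bucket's name to enforces_https.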