AWS S3 BUCKET POLICY WITH FORCEFULLY SSL REQUESTS ONLY

June 8, 2020 / Eternal Team

In this blog, our AWS team will explain how to create a secure bucket policy on S3.
Confused about what a “secure bucket” is?
Have you ever heard of the HTTP and HTTPS protocols?

The above image shows that HTTPS requests are encrypted, so that no hacker can intercept the traffic to our website.
We will set up the same thing in AWS.
So let’s get started by logging in to your AWS console.

Step 1

Go to the S3 console, create a bucket, and add some objects to it.
In our case, the bucket name is “mywebsite1996”,
and we have created two folders:

  1. private
  2. public

In this blog, we will use the public folder.

Note

Our bucket is publicly accessible.

In our public folder, I have uploaded a picture of my AWS certification badge:

URL https://mywebsite1996.s3.amazonaws.com/public/AWS_Solutions_Architect_logo_aws_solutions_architect_aws_solutions_architect.png

Now change the URL to http://mywebsite1996.s3.amazonaws.com/public/AWS_Solutions_Architect_logo_aws_solutions_architect_aws_solutions_architect.png

From the two images above, we can see that the HTTPS request is the secure one.

Step 2

Go to “Bucket Policy” in the Permissions section.

Step 3

So now we have to create a custom policy.

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mywebsite1996/public/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}

Here my bucket name is “mywebsite1996”

Then click the “Save” button.
In the above policy, you can see that the deny applies only to the specific folder “public” (you can also apply it to the whole bucket).
Now go to the “public” folder and open the object URL.
Your URL looks like this:
https://mywebsite1996.s3.amazonaws.com/public/AWS_Solutions_Architect_logo_aws_solutions_architect_aws_solutions_architect.png

Click on the URL and you will see the image; here it is the certification badge we uploaded.

Now try to access the URL via an HTTP request.
You will see this:
http://mywebsite1996.s3.amazonaws.com/public/AWS_Solutions_Architect_logo_aws_solutions_architect_aws_solutions_architect.png

Great, you finally did it……
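
The policy above only denies plain-HTTP s3:GetObject requests under “public”. The following Python check is an added example, not part of the original post: it reports which plain-HTTP requests an aws:SecureTransport deny statement actually covers. The helper names and the bucket-wide variant are assumptions, and the matcher is simplified (it ignores NotAction, NotResource, NotPrincipal and any additional conditions).

```python
import re

BUCKET_ARN = "arn:aws:s3:::mywebsite1996"  # bucket name used on the page

def tls_deny_policy(action, resources):
    # Builds a constructed sample policy in the same shape as the page's policy.
    return {"Version": "2008-10-17", "Statement": [{
        "Effect": "Deny", "Principal": "*", "Action": action, "Resource": resources,
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

# The page's policy: GetObject on the "public" folder only.
PAGE_POLICY = tls_deny_policy("s3:GetObject", BUCKET_ARN + "/public/*")
# Assumed bucket-wide variant: every action, on the bucket and all its objects.
BUCKET_WIDE_POLICY = tls_deny_policy("s3:*", [BUCKET_ARN, BUCKET_ARN + "/*"])

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_match(pattern, value):
    # Policy wildcards: "*" is any run of characters (including "/"), "?" is one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.DOTALL) is not None

def _is_tls_deny(stmt):
    # A Deny for everyone, conditioned on aws:SecureTransport being "false".
    bool_cond = stmt.get("Condition", {}).get("Bool", {})
    values = [v for k, v in bool_cond.items() if k.lower() == "aws:securetransport"]
    return (stmt.get("Effect") == "Deny"
            and stmt.get("Principal") in ("*", {"AWS": "*"}) and bool(values)
            and all(str(x).lower() == "false" for v in values for x in _as_list(v)))

def http_request_denied(policy, action, resource_arn):
    """True if a plain-HTTP request for `action` on `resource_arn` matches an
    explicit TLS-only Deny (an explicit Deny overrides any Allow)."""
    for stmt in _as_list(policy.get("Statement", [])):
        if not _is_tls_deny(stmt):
            continue
        # Action names compare case-insensitively; resource ARNs do not.
        action_hit = any(_wildcard_match(a.lower(), action.lower())
                         for a in _as_list(stmt.get("Action", [])))
        resource_hit = any(_wildcard_match(r, resource_arn)
                           for r in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            return True
    return False
```

With the page's policy, a plain-HTTP read of an object under “private” or an upload into “public” is not covered by the deny; the bucket-wide variant covers both.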
