Data protection

S3 Bucket Should Enforce HTTPS

Description

The S3 bucket {AwsS3Bucket} is using a policy that doesn't strictly require HTTPS connections. HTTPS uses TLS to encrypt all connections to the bucket. If a bucket’s policy doesn’t explicitly deny non-HTTPS connections, it puts the bucket in the risk of eavesdropping and man-in-the-middle attacks.
  • Recommended Mitigation

    Ensure that all S3 bucket policies explicitly deny non-HTTPS connections.