S3 Bucket Should Enforce HTTPS

Data protection

S3 Bucket Should Enforce HTTPS

Platform(s)

Compliance Frameworks

AWS CIS
AWS Foundational Security Best Practices Controls
CCPA
cis_8
CPRA
CSA CCM
Data Security Posture Management (DSPM) Best Practices
iso_27001_2022
iso_27002_2022
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA

Description

By default, Amazon S3 allows both HTTP and HTTPS requests. In order to allow access to Amazon S3 objects only through HTTPS, you have to explicitly deny access to HTTP requests. It was detected that the S3 bucket {AwsS3Bucket} is using a policy that doesn't strictly require HTTPS connections. HTTPS uses TLS to encrypt all connections to the bucket. If a bucket's policy doesn't explicitly deny non-HTTPS connections, it puts the bucket in the risk of eavesdropping and man-in-the-middle attacks.

S3 Bucket Should Enforce HTTPS

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS