The S3 bucket {AwsS3Bucket} is using a policy that doesn't strictly require HTTPS connections. HTTPS uses TLS to encrypt all connections to the bucket. If a bucket’s policy doesn’t explicitly deny non-HTTPS connections, it puts the bucket in the risk of eavesdropping and man-in-the-middle attacks.
Recommended Mitigation
Ensure that all S3 bucket policies explicitly deny non-HTTPS connections.