Require HTTPS
Require HTTPS
In this section, we need to create S3 Bucket Policy to request a connection to use HTTPS
-
First we access S3
- Select Buckets
- Select sid-security-xxxxxxx bucket
- In the sid-security-xxxxxxx bucket interface
- Select Permissions
- In the Bucket policy section, select Edit
- Copy the following bucket policy into Bucket Policy Editor
{
"Statement": [
{
"Action": "s3:*",
"Effect": "Deny",
"Principal": "*",
"Resource": "arn:aws:s3:::BUCKET_NAME/*",
"Condition": {
"Bool": {
"aws:SecureTransport": false
}
}
}
]
}
Replace BUCKET_NAME with the group name you copied into your text editor. Make sure you don’t remove the /* end of the group name.
- Check Policy and select Save changes
- Return to SSH interface to SID-security-instance. Run command
aws s3api head-object --key app1/file1 --endpoint-url http://s3.amazonaws.com --profile user1 --bucket ${bucket}
- The command will return a 403 error because the endpoint-url is HTTP.
- Continue running the following command.
aws s3api --endpoint-url https://s3.amazonaws.com --profile user1 head-object --key app1/file1 --bucket ${bucket}
The command succeeds because you used s3api which uses HTTPS.
