Force SSL on Amazon S3

2020-02-26 15:31发布

Is it possible (via IAM, bucket policy, or otherwise) to force Amazon S3 to only serve content over HTTPS/SSL and deny all regular, unencrypted HTTP access?

标签： ssl amazon-web-services https amazon-s3

2条回答

迷人小祖宗

2楼-- · 2020-02-26 15:50

I believe this can be achieved using a bucket policy. Deny all HTTP requests to the bucket in question using the condition aws:SecureTransport: false.
The following is not tested but it should give you an idea of how to set it up for your case.

{
    "Statement":[
        {
            "Action": "s3:*",
            "Effect":"Deny",
            "Principal": "*",
            "Resource":"arn:aws:s3:::bucketname/*",
            "Condition":{
                "Bool":
                { "aws:SecureTransport": false }
            }
        }
    ]
}

0人赞添加讨论(0) 举报

倾城　Initia

3楼-- · 2020-02-26 16:03

Here you allow your incoming traffic but refuse the non SSL one. If you want to go back just remove the 2^nd statement:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::yourbucketnamehere/*"
        },
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::yourbucketnamehere/*",
            "Condition":{
                "Bool":
                { "aws:SecureTransport": false }
            }
        }
    ]
}

Don't forget to put your bucket name at yourbucketnamehere.

Now you need to install a SSL certificate. All the information can be found here.

0人赞添加讨论(0) 举报

Force SSL on Amazon S3

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间