AWS S3 bucket not configured with secure data transport policy
Description
To ensure secure data transport, configure your AWS S3 bucket to block public access or explicitly enforce `aws:SecureTransport = true` in your bucket policy. This ensures that all data transfers to and from the bucket use HTTPS, providing encryption and protecting the data from unauthorized access during transit.
Code Example
```hcl
resource "aws_s3_bucket_policy" "example" {
  ...
  policy = jsonencode({
    ...
    Statement = [
      {
        # Non-compliant: an Allow that is conditioned on SecureTransport = true
        # only permits HTTPS callers; it never rejects plain-HTTP requests.
        # The rule expects an explicit Deny when aws:SecureTransport is false.
        Sid       = "DenyInsecureTransport"
        Effect    = "Allow"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          aws_s3_bucket.example.arn
        ]
        Condition = {
          Bool = {
            "aws:SecureTransport" = "true"
          }
        }
      }
    ]
  })
}
```
Remediation
Terraform
- Resource: aws_s3_bucket_acl
- Arguments: aws_s3_bucket_public_access_block, access_control_policy
To ensure secure data transport, configure your AWS S3 bucket to block public access or explicitly enforce `aws:SecureTransport = true` in your bucket policy. This ensures that all data transfers to and from the bucket use HTTPS, providing encryption and protecting the data from unauthorized access during transit.
The following example demonstrates how to configure an AWS S3 bucket policy in Terraform to enforce secure data transport by requiring HTTPS for all data transfers to and from the bucket.
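As an added illustration (not part of this rule page and not Checkov's own implementation), the following Python check evaluates a rendered bucket policy document for the statement the rule expects: a `Deny` for all principals that fires when `aws:SecureTransport` is `false`. It is run against a constructed copy of the Allow-only policy shown above and against a corrected Deny policy; both policy documents are constructed samples, and the bucket ARN is a placeholder.

```python
import json

# Constructed sample: the Allow-only policy from the page, rendered as JSON.
# It fails the check because nothing rejects plain-HTTP requests.
FAILING_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyInsecureTransport", "Effect": "Allow", "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket"],
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
})

# Constructed sample: the corrected policy. The Deny covers the bucket and
# its objects and triggers only for requests made without TLS.
PASSING_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def has_secure_transport_deny(policy_json: str) -> bool:
    """True if some statement denies every principal when aws:SecureTransport is false.

    Mirrors the intent of the rule: Effect must be Deny, the principal must be
    the wildcard (plain "*" or {"AWS": "*"}), and the Bool condition must key on
    aws:SecureTransport with a false value (IAM accepts the string "false" and
    a JSON boolean). An Allow conditioned on "true" does not satisfy the check.
    """
    doc = json.loads(policy_json)
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if flag is not None and str(flag).lower() == "false":
            return True
    return False
```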
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0426 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_379 |