json 18 lines · 1 tab

S3 bucket policy that enforces TLS and blocks public reads

Kai Nakamura Apr 2026
1 tab
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::codesnips-assets-production",
        "arn:aws:s3:::codesnips-assets-production/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    }
  ]
}
1 file · json Explain with highlit

Public cloud storage needs explicit safety rails because the defaults are not enough by themselves. I deny insecure transport, block public access at the account level, and scope principals tightly. Storage mistakes are still one of the easiest ways to cause a quiet data leak.

Share this code

Here's the card — post it anywhere.

S3 bucket policy that enforces TLS and blocks public reads — share card
Link copied