S3 bucket policy that enforces TLS and blocks public reads

14025 views

                  {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::codesnips-assets-production",
        "arn:aws:s3:::codesnips-assets-production/*"
      ],
      "Condition": {
        "Bool": { "aws:SecureTransport": "false" }
      }
    }
  ]
}

Public cloud storage needs explicit safety rails because the defaults are not enough by themselves. I deny insecure transport, block public access at the account level, and scope principals tightly. Storage mistakes are still one of the easiest ways to cause a quiet data leak.

Kai Nakamura

More from Kai Nakamura

S3 bucket policy that enforces TLS and blocks public reads

0 Comments

More from Kai Nakamura