Allow only HTTPS on an S3 Bucket

Oct 6 2014

It is possible to disable HTTP access on S3 bucket, limiting S3 traffic to only HTTPS requests. The documentation is scattered around the Amazon AWS documentation, but the solution is actually straightforward.

All you need to do to block HTTP traffic on an S3 bucket is add a Condition in your bucket's policy. AWS supports a global condition for verifying SSL. So you can add a condition like this:

"Condition": {
  "Bool": {
    "aws:SecureTransport": "true"
  }
}

Here's a complete example:

{
    "Version": "2008-10-17",
    "Id": "some_policy",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my_bucket/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "true"
                }
            }
        }
    ]
}

Now accessing the contents of my_bucket over HTTP will produce a 403 error, while using HTTPS will work fine.

Books

Go In Practice

A cookbook-style guide for writing production Go code.

Drupal 7 Multi-Site Configuration

Configure Drupal to run more than one site.

Drupal 7 Module Development

Create Drupal 7 modules and themes.

Mastering OpenLDAP

Install, configure, and administer an OpenLDAP server.

Drupal 6 JavaScript and jQuery

Create Drupal 7 modules and themes.

Drupal 6 Module Development

Create Drupal 6 modules and themes.

Managing and Customizing OpenCms 6 Websites

Install, configure and use the OpenCms content management system.

Building Websites with OpenCms 5

Write custom Java and JSP for OpenCms.