Rule: S3 Buckets Should Enforce SSL

This rule ensures that S3 buckets enforce SSL for secure data transfer.

Rule: S3 buckets should enforce SSL
Framework: FedRAMP Moderate Revision 4
Severity: Medium

Rule Description

S3 buckets storing data classified under FedRAMP Moderate Revision 4 should enforce SSL (Secure Sockets Layer) encryption for secure data transmission.

Enforcing SSL ensures that data transferred between clients and S3 buckets is encrypted, preventing unauthorized access and enhancing the overall security posture of the system.

Troubleshooting Steps

If SSL enforcement for S3 buckets is not working as expected, follow these troubleshooting steps:

  1. Check Bucket Policy: Verify the S3 bucket policy to ensure that SSL enforcement is correctly defined.
  2. Verify SSL Configuration: Ensure that SSL is properly configured on the clients attempting to access the S3 bucket.
  3. Verify SSL Certificate: Check if the SSL certificate used is valid and properly configured on the S3 bucket.

Necessary Code

The following code snippet can be used to enforce SSL encryption for S3 buckets:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EnforceSSL",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::your-bucket-name",
                "arn:aws:s3:::your-bucket-name/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}

This policy denies any actions on the S3 bucket if the request is not made over a secure SSL connection.
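The bucket-policy check from the troubleshooting steps can be run offline against a policy document before or after it is applied. The Python script below is an added example, not part of the original page: the function names and the `example-bucket` sample are assumptions, and it compares resource ARNs by exact match without expanding wildcards.

```python
import json

def _as_list(value):
    """IAM policy fields accept either a single value or a list."""
    return value if isinstance(value, list) else [value]

def _denies_plaintext(stmt):
    """True if stmt denies all S3 actions to everyone when SecureTransport is false."""
    if stmt.get("Effect") != "Deny":
        return False
    if stmt.get("Principal") not in ("*", {"AWS": "*"}):
        return False
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    if "s3:*" not in actions and "*" not in actions:
        return False
    bool_cond = stmt.get("Condition", {}).get("Bool", {})
    # Condition keys are case-insensitive; the value may be a string, bool or list.
    for key, value in bool_cond.items():
        if key.lower() == "aws:securetransport":
            values = _as_list(value)
            return bool(values) and all(str(v).lower() == "false" for v in values)
    return False

def check_ssl_enforcement(policy_json, bucket):
    """Return a list of findings; an empty list means SSL is enforced."""
    policy = json.loads(policy_json)
    covered = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if _denies_plaintext(stmt):
            covered.update(_as_list(stmt.get("Resource", [])))
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    if bucket_arn not in covered:
        findings.append(f"bucket-level requests not covered: {bucket_arn}")
    if f"{bucket_arn}/*" not in covered:
        findings.append(f"object-level requests not covered: {bucket_arn}/*")
    return findings

# Constructed sample: a Deny statement that names only the object ARN.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "EnforceSSL", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})

if __name__ == "__main__":
    for finding in check_ssl_enforcement(SAMPLE, "example-bucket") or ["SSL enforced"]:
        print(finding)
```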

Step-by-Step Guide for Remediation

Follow the steps below to enforce SSL for an S3 bucket:

  1. Access the AWS Management Console.
  2. Navigate to the S3 service.
  3. Select the S3 bucket that is subject to the rule.
  4. Click on the "Permissions" tab.
  5. Scroll down to the "Bucket Policy" section and click on the "Edit" button.
  6. Replace the existing policy with the necessary code provided above.
  7. Save the changes to apply the new bucket policy.

By enforcing SSL encryption for the S3 bucket, all data transferred to and from the bucket will be secured with SSL, complying with the FedRAMP Moderate Revision 4 requirements.
