Rule: S3 Buckets Should Enforce SSL

This rule ensures that S3 buckets enforce SSL for secure data transmission.

Rule: S3 buckets should enforce SSL
Framework: GxP 21 CFR Part 11
Severity: Medium

Rule Description:

S3 buckets should enforce SSL (Secure Sockets Layer) for GxP (Good Practice) 21 CFR (Code of Federal Regulations) Part 11 compliance. This rule ensures that all data transmission to and from the S3 buckets is encrypted using SSL, which is a standard security protocol for establishing encrypted connections over the internet. Enforcing SSL for GxP 21 CFR Part 11 compliance helps protect sensitive data and ensures data integrity in accordance with regulatory requirements.

Troubleshooting Steps (if applicable):

If SSL enforcement is not in place for S3 buckets, follow these troubleshooting steps:

  1. Verify if SSL is enabled: Check the S3 bucket configuration settings to ensure that SSL is enabled for both incoming and outgoing data transmission.
  2. Update SSL settings: If SSL is not enabled, modify the bucket policy or access control list (ACL) to enforce SSL encryption for all data transfers.
  3. Test SSL connectivity: Use an SSL testing tool or perform manual tests to verify that SSL encryption is successfully enforced for the S3 bucket.

Necessary Code (if applicable):

If SSL enforcement is not configured for S3 buckets, use the following sample code to enable SSL encryption:

{
  "Version": "2012-10-17",
  "Id": "EnforceSSLOnly",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}

This code snippet denies access to the S3 bucket resources (your-bucket-name) if the request is not made over a secure (SSL) connection. Replace your-bucket-name with the actual name of your S3 bucket.

Step-by-Step Guide for Remediation:

Follow these step-by-step instructions to enforce SSL for S3 buckets:

  1. Identify the target S3 bucket: Determine the S3 bucket(s) that need SSL enforcement for GxP 21 CFR Part 11 compliance.

  2. Access S3 bucket settings: Log in to the AWS Management Console and navigate to the S3 service.

  3. Select the target bucket: Locate and click on the target S3 bucket from the list of available buckets.

  4. Configure SSL settings: Within the bucket configuration options, enable SSL encryption for both incoming and outgoing data transfers. This ensures that all data transmission to and from the bucket is encrypted.

  5. Update bucket policy or ACL: If SSL enforcement is not already in place, update the bucket policy or access control list (ACL) to enforce SSL encryption for all data transfers. Use the provided code snippet as a reference or modify the existing policy.

  6. Save and apply changes: Once the SSL settings are configured and the policy is updated, save the changes to apply SSL enforcement to the S3 bucket.

  7. Test SSL connectivity: Perform tests to verify that SSL encryption is now enforced for the S3 bucket. Check whether all data transfers to and from the bucket are utilizing SSL connections.

By following these steps, SSL enforcement can be successfully configured for S3 buckets to comply with GxP 21 CFR Part 11 regulations.
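
An offline check for the verification steps above, as an added example that is not CloudDefense's or AWS's code: it inspects a bucket policy document (for instance the output of `aws s3api get-bucket-policy`) and reports which ARNs are not covered by a Deny on `aws:SecureTransport`. The function and sample names are hypothetical, the sample policies are constructed, and resource matching is exact-string with no wildcard expansion, so it errs toward reporting a gap.

```python
import json

def _as_list(value):
    """IAM policy fields accept a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def enforces_tls(policy_json, bucket):
    """Return (ok, gaps). ok is True when Deny statements reject non-TLS
    requests to both the bucket ARN and its objects; gaps lists uncovered ARNs."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    needed = {bucket_arn, f"{bucket_arn}/*"}
    covered = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue  # an Allow that requires TLS does not by itself deny HTTP
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue  # must apply to every caller
        if not {"s3:*", "*"} & set(_as_list(stmt.get("Action", []))):
            continue  # must cover all S3 actions
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if [str(v).lower() for v in _as_list(flag)] != ["false"]:
            continue  # must trigger when the request did not use TLS
        covered |= needed & set(_as_list(stmt.get("Resource", [])))
    gaps = sorted(needed - covered)
    return (not gaps, gaps)

def sample(resources, effect="Deny", flag="false"):
    """Constructed sample policy in the shape of the one shown above."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": "s3:*",
        "Resource": resources,
        "Condition": {"Bool": {"aws:SecureTransport": flag}}}]})

BUCKET = "your-bucket-name"  # placeholder name, as on the page
ARNS = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]
OBJECTS_ONLY = sample(ARNS[1])                        # bucket-level calls uncovered
BOTH = sample(ARNS)                                   # bucket and objects covered
ALLOW_ONLY = sample(ARNS, effect="Allow", flag="true")  # no explicit Deny at all

if __name__ == "__main__":
    for name, doc in [("objects-only", OBJECTS_ONLY), ("both", BOTH),
                      ("allow-only", ALLOW_ONLY)]:
        ok, gaps = enforces_tls(doc, BUCKET)
        print(f"{name}: {'PASS' if ok else 'FAIL'} gaps={gaps}")
```
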
