Rule: S3 Buckets Should Enforce SSL

This rule ensures that all S3 buckets enforce SSL for secure data transmission.

Rule: S3 buckets should enforce SSL
Framework: RBI Cyber Security Framework
Severity: Medium

Rule Description: Enforce SSL for S3 Buckets as per RBI Cyber Security Framework

The RBI Cyber Security Framework mandates that all S3 buckets should enforce SSL (Secure Sockets Layer) for data transmission and communication. SSL ensures that data exchanged between the client and S3 buckets remains encrypted and secure.

Enforcing SSL for S3 buckets helps protect against unauthorized access, eavesdropping, and data tampering during transit, thereby reducing the risk of data breaches and ensuring compliance with RBI regulations.

Troubleshooting Steps (if any):

If you encounter any issues while enforcing SSL for S3 buckets, you can follow these troubleshooting steps:

  1. Verify the bucket policy: Ensure that the bucket policy allows SSL connections ("aws:SecureTransport": "true").
  2. Check SSL certificate validity: Ensure that the SSL certificate used by the S3 bucket is valid and not expired. You can use an SSL certificate validation tool or contact the certificate provider for assistance.
  3. Verify SSL/TLS settings on the client-side: Ensure that the client-side applications accessing the S3 buckets have SSL/TLS settings configured correctly. Update the application settings, if necessary.

Necessary codes (if any):

If your S3 buckets do not have SSL enforcement enabled, you can use the following bucket policy to enforce SSL:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EnforceSSL",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::YOUR_S3_BUCKET_NAME",
        "arn:aws:s3:::YOUR_S3_BUCKET_NAME/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}

Replace "YOUR_S3_BUCKET_NAME" in the above JSON policy with the name of your S3 bucket.

Step-by-Step Guide for Remediation:

To enforce SSL for an S3 bucket, follow these steps:

  1. Open the AWS Management Console and navigate to the S3 service.
  2. Select the desired S3 bucket for which you want to enforce SSL.
  3. Click on the "Permissions" tab.
  4. Scroll down to the "Bucket Policy" section and click on the "Edit" button.
  5. Replace any existing bucket policy with the code provided above, or add the necessary "Condition" under an existing policy.
  6. Click on the "Save changes" button to apply the new policy to the S3 bucket.
  7. Verify the updated policy by ensuring that the "aws:SecureTransport" condition is set to true.
  8. Access your S3 bucket using SSL-enabled applications and verify that the data transmission is encrypted.

By following these steps, you will enforce SSL for your S3 bucket, complying with the RBI Cyber Security Framework requirements and ensuring secure data transmission.
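A policy check for the verification steps above, as an added example that is not part of the original page or the vendor's code: it parses a bucket policy and reports whether a Deny statement on "aws:SecureTransport": "false" covers both the bucket ARN and its objects, and flags the look-alike Allow on "true" that blocks nothing. The bucket name, sample policies and function names are constructed for illustration; Resource values are matched exactly, without wildcard expansion.

```python
import json

def _as_list(value):
    """Policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [value]

def enforces_tls(policy_json, bucket):
    """Return (ok, reason): does the policy deny every non-TLS request?"""
    arn = f"arn:aws:s3:::{bucket}"
    needed = {arn, f"{arn}/*"}   # bucket-level and object-level actions
    covered, allow_on_true = set(), False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        bools = stmt.get("Condition", {}).get("Bool", {})
        flags = {str(v).lower()
                 for v in _as_list(bools.get("aws:SecureTransport", ""))}
        if stmt.get("Effect") == "Allow" and "true" in flags:
            allow_on_true = True   # grants HTTPS access, blocks nothing
        if (stmt.get("Effect") == "Deny" and flags == {"false"}
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and {"s3:*", "*"} & set(_as_list(stmt.get("Action", [])))):
            covered.update(_as_list(stmt.get("Resource", [])))
    missing = needed - covered
    if not missing:
        return True, "all non-TLS requests denied"
    if covered:
        return False, "Deny does not cover: " + ", ".join(sorted(missing))
    if allow_on_true:
        return False, "Allow on SecureTransport=true does not deny plain HTTP"
    return False, "no Deny on aws:SecureTransport=false"

def sample_policy(effect, flag, resources):
    """Build a constructed single-statement policy for the demo below."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": effect, "Principal": "*", "Action": "s3:*",
        "Resource": resources,
        "Condition": {"Bool": {"aws:SecureTransport": flag}}}]})

BUCKET = "example-bucket"   # constructed name, not a real bucket
ARN = f"arn:aws:s3:::{BUCKET}"
SAMPLES = {   # constructed policies
    "deny_false_both": sample_policy("Deny", "false", [ARN, f"{ARN}/*"]),
    "deny_false_objects_only": sample_policy("Deny", "false", f"{ARN}/*"),
    "allow_true": sample_policy("Allow", "true", [ARN, f"{ARN}/*"]),
}

if __name__ == "__main__":
    for name, policy in SAMPLES.items():
        print(name, enforces_tls(policy, BUCKET))
```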
