Amazon S3 - Encryption in Transit (SSL/TLS)

  • Encryption in flight (in transit) = SSL/TLS between the client and the S3 endpoint.
  • S3 endpoints:
    • HTTP – plaintext on the wire; credentials are still signed (SigV4) but object data and metadata are readable by anyone on the path. Not recommended.
    • HTTPS – encrypted in transit; the default for the AWS CLI, SDKs and console.
  • Required for SSE-C (the request carries the customer's key in a header, so S3 rejects SSE-C requests sent over HTTP); recommended for all workloads.

Forcing HTTPS (aws:SecureTransport)

  • Use a bucket policy with an explicit Deny, Principal "*", and the condition "Bool": {"aws:SecureTransport": "false"}. aws:SecureTransport is a global condition key that is true only when the request arrived over TLS.
  • An explicit Deny wins over any Allow (bucket policy or IAM), so every principal, including the bucket owner, is forced onto HTTPS.
  • Apply the Deny to both the bucket ARN (arn:aws:s3:::bucket) and the object ARN (arn:aws:s3:::bucket/*), otherwise bucket-level operations such as ListBucket are not covered.
Example policy: Denies s3:GetObject if aws:SecureTransport is false.
  • Caveat: denying only s3:GetObject leaves uploads (s3:PutObject), deletes and listings possible over HTTP. Use "Action": "s3:*" so that all data paths are encrypted in transit.
Behavior:
  • HTTP requests are denied (403 AccessDenied).
  • HTTPS requests are allowed, subject to the rest of the bucket and IAM policies.
  • Check: the AWS Config managed rule s3-bucket-ssl-requests-only flags buckets whose policy does not contain such a Deny.
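The following is an added example, not code from the original notes or from AWS: it builds the full TLS-only bucket policy and audits an existing policy document for the gaps described above (a Deny that is missing, is not applied to Principal "*", covers only some actions, or omits the bucket or object ARN). The function names (tls_only_policy, tls_gaps), the bucket name my-bucket and the weaker sample policies are assumptions constructed for the demonstration.

```python
import json


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def tls_only_policy(bucket: str) -> dict:
    """Bucket policy that denies every S3 action when the request is not over TLS."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                # Both ARNs: the bucket itself (ListBucket etc.) and its objects.
                "Resource": [bucket_arn, f"{bucket_arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            }
        ],
    }


def _denies_plaintext(stmt: dict) -> bool:
    """True for an explicit Deny conditioned on aws:SecureTransport being false."""
    if stmt.get("Effect") != "Deny":
        return False
    bool_cond = stmt.get("Condition", {}).get("Bool", {})
    values = _as_list(bool_cond.get("aws:SecureTransport"))
    return any(str(v).lower() == "false" for v in values)


def _principal_is_everyone(stmt: dict) -> bool:
    principal = stmt.get("Principal")
    return principal == "*" or principal == {"AWS": "*"}


def _covers_all_actions(stmt: dict) -> bool:
    actions = {a.lower() for a in _as_list(stmt.get("Action"))}
    return "s3:*" in actions or "*" in actions


def tls_gaps(policy: dict, bucket: str) -> list:
    """Return a list of reasons the policy does not enforce TLS; empty means enforced."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/*"
    statements = _as_list(policy.get("Statement"))

    denies = [s for s in statements if _denies_plaintext(s)]
    if not denies:
        return ["no Deny statement conditioned on aws:SecureTransport = false"]

    # Only statements that hit every principal and every action count as enforcement.
    full = [s for s in denies if _principal_is_everyone(s) and _covers_all_actions(s)]
    if not full:
        return ['no TLS Deny with Principal "*" and Action s3:* (partial Deny leaves '
                "other operations reachable over HTTP)"]

    resources = {r for s in full for r in _as_list(s.get("Resource"))}
    gaps = []
    if "*" not in resources:
        if bucket_arn not in resources:
            gaps.append(f"bucket ARN {bucket_arn} not covered (ListBucket over HTTP still allowed)")
        if object_arn not in resources:
            gaps.append(f"object ARN {object_arn} not covered (object reads/writes over HTTP still allowed)")
    return gaps


# Constructed sample: the GetObject-only policy from the notes above.
GETOBJECT_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-bucket/*",
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
}

# Constructed sample: s3:* but only on the object ARN.
OBJECTS_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::my-bucket/*",
        "Condition": {"Bool": {"aws:SecureTransport": ["false"]}},
    }],
}

if __name__ == "__main__":
    print(json.dumps(tls_only_policy("my-bucket"), indent=2))
    for name, pol in [("GetObject only", GETOBJECT_ONLY_POLICY),
                      ("objects only", OBJECTS_ONLY_POLICY),
                      ("full", tls_only_policy("my-bucket"))]:
        print(name, "->", tls_gaps(pol, "my-bucket") or "TLS enforced")
```

To apply the generated document to a real bucket, pass it to `aws s3api put-bucket-policy --bucket my-bucket --policy file://policy.json`; the audit function can be run over the output of `aws s3api get-bucket-policy` to verify existing buckets.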