AWS S3 Bucket policy to only allow SSL requests

To ensure S3 actions are allowed only when the request is made over SSL, you can apply the following S3 bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Allow SSL Requests Only",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::{{BUCKET_NAME}}",
                "arn:aws:s3:::{{BUCKET_NAME}}/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        },
        {
            "Sid": "Allow SSL Requests Higher Than 1.2 Only",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::{{BUCKET_NAME}}",
                "arn:aws:s3:::{{BUCKET_NAME}}/*"
            ],
            "Condition": {
                "NumericLessThan": {
                    "s3:TlsVersion": "1.2"
                }
            }
        }
    ]
}

Replace the value {{BUCKET_NAME}} with your S3 bucket name and you should be good to go. The first statement denies every request where aws:SecureTransport is false (plain HTTP); the second additionally denies requests whose s3:TlsVersion is lower than 1.2, so only TLS 1.2 and newer get through.
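To sanity-check the two Deny statements before applying them, here is a small offline evaluator, added as an example and not part of the original post. It builds the page's policy as a Python dict, models only the condition operators the policy uses (Bool and NumericLessThan) plus the wildcard matching on Action and Resource, and reports which statement would explicitly deny a given request context; the bucket name, object key and request contexts are constructed sample values.

```python
import fnmatch

# Constructed sample bucket name; the page uses the {{BUCKET_NAME}} placeholder.
BUCKET = "example-bucket"

def ssl_only_policy(bucket):
    """The page's two-statement Deny policy, built as a Python dict."""
    resources = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "Allow SSL Requests Only", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": resources,
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "Allow SSL Requests Higher Than 1.2 Only", "Effect": "Deny",
         "Principal": "*", "Action": "s3:*", "Resource": resources,
         "Condition": {"NumericLessThan": {"s3:TlsVersion": "1.2"}}}]}

def _condition_matches(condition, ctx):
    """True when every operator/key in the Condition block matches ctx.
    A key missing from the request context fails the test, as in IAM
    (s3:TlsVersion is absent on a plain-HTTP request, for example)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in ctx:
                return False
            if operator == "Bool":
                if str(ctx[key]).lower() != str(expected).lower():
                    return False
            elif operator == "NumericLessThan":
                if not float(ctx[key]) < float(expected):
                    return False
            else:
                raise NotImplementedError(f"operator {operator} not modelled")
    return True

def explicit_deny(policy, resource_arn, action, ctx):
    """Return the Sid of the first Deny statement matching the request, or None.
    Only explicit Deny is modelled: a request that is not denied here still
    needs a matching Allow (identity policy etc.) to actually succeed.
    Action is a single string in this policy, so fnmatch handles 's3:*'."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not fnmatch.fnmatchcase(action, stmt["Action"]):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, p) for p in stmt["Resource"]):
            continue
        if _condition_matches(stmt.get("Condition", {}), ctx):
            return stmt["Sid"]
    return None

POLICY = ssl_only_policy(BUCKET)
OBJ = f"arn:aws:s3:::{BUCKET}/report.csv"                      # constructed object ARN
HTTP = {"aws:SecureTransport": "false"}                        # plain http endpoint
TLS11 = {"aws:SecureTransport": "true", "s3:TlsVersion": "1.1"}
TLS13 = {"aws:SecureTransport": "true", "s3:TlsVersion": "1.3"}
```

Running explicit_deny(POLICY, OBJ, "s3:GetObject", HTTP) names the first statement, the TLS 1.1 context names the second, and TLS 1.2 or 1.3 returns None, which mirrors the CLI test further down the page.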

To test that it works, run the following command with the AWS CLI, again replacing {{BUCKET_NAME}} with the same value you used above:

aws --endpoint-url http://s3.us-east-1.amazonaws.com s3api list-objects --bucket {{BUCKET_NAME}}

You should get an access denied error from the command above, because the http:// endpoint makes the request with aws:SecureTransport set to false.

After that, run the command below and the request should succeed:

aws --endpoint-url https://s3.us-east-1.amazonaws.com s3api list-objects --bucket {{BUCKET_NAME}}

There you have it: this S3 bucket policy ensures only SSL requests to your bucket are allowed.