Json Yaml Insecure Transport Policy
Description
Identifies AWS S3 bucket policies in CloudFormation templates that do not enforce secure transport (HTTPS). Without this control, objects can be read from and written to the bucket over plain HTTP, so data crosses the network unencrypted.
Detection Strategy
• Search for CloudFormation resources with type 'AWS::S3::BucketPolicy'
• Examine policy statements to verify secure transport enforcement
• Report a vulnerability if the bucket policy does not require HTTPS/SSL for data transmission
• Check whether the aws:SecureTransport condition, or an equivalent control, is missing or incorrectly configured
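One way to implement the detection strategy above, as an added example that is not part of Fluid Attacks' own scanner: it parses a constructed CloudFormation template in its JSON form (the YAML form would need a YAML parser) and flags every AWS::S3::BucketPolicy resource that has no Deny statement keyed on aws:SecureTransport being false. The function names and the sample template are assumptions.

```python
import json

# Constructed sample template (JSON form of CloudFormation). "OpenPolicy"
# only grants reads; "SecurePolicy" adds the Deny that refuses plain-HTTP
# requests via the aws:SecureTransport condition key.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "OpenPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": "example-bucket",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::example-bucket/*"}]}}},
    "SecurePolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": "example-bucket",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
             "Resource": ["arn:aws:s3:::example-bucket",
                          "arn:aws:s3:::example-bucket/*"],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}}},
}})


def _as_list(value):
    # IAM allows a single statement (a mapping) or a list of statements.
    return value if isinstance(value, list) else [value]


def enforces_secure_transport(policy_document):
    """True if some Deny statement refuses requests made without TLS.

    An Allow conditioned on aws:SecureTransport = true is not enough on its
    own: it does not stop other Allow statements from admitting HTTP.
    """
    for stmt in _as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        bool_cond = stmt.get("Condition", {}).get("Bool", {})
        # The key may be written as the string "false" or a JSON false.
        if str(bool_cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


def find_insecure_bucket_policies(template_text):
    """Return logical IDs of AWS::S3::BucketPolicy resources lacking the control."""
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::BucketPolicy":
            continue
        doc = resource.get("Properties", {}).get("PolicyDocument", {})
        if not enforces_secure_transport(doc):
            findings.append(logical_id)
    return findings


if __name__ == "__main__":
    print(find_insecure_bucket_policies(SAMPLE_TEMPLATE))  # ['OpenPolicy']
```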
Vulnerable code example
Resources:
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: example-bucket
      PolicyDocument:
        Version: 2012-10-17
        Statement: ...

✅ Secure code example
Resources:
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: example-bucket
      PolicyDocument:
        Version: 2012-10-17
        Statement: ...