All Products
Search
Document Center

Cloud Config:Use an OSS bucket policy to configure secure access

Last Updated:Jun 16, 2026

This rule checks whether an OSS bucket policy enforces HTTPS for read and write operations or explicitly denies HTTP access.

Scenarios

Restrict an OSS bucket to HTTPS-only access to improve the security of data in transit.

Risk level

Default risk level: Low.

You can change the risk level as needed.

Detection logic

  • An OSS bucket is compliant if its access policy enforces HTTPS for read and write operations or explicitly denies HTTP access.

  • An OSS bucket is non-compliant if its access policy allows read and write operations over HTTP or does not explicitly deny HTTP access. To fix this issue, see Remediation.

Rule details

Parameter

Description

Rule name

Use an OSS bucket policy to configure secure access

Rule identifier

oss-bucket-only-https-enabled

Tags

OSS, Bucket, BucketPolicy

Automatic remediation

Not supported

Rule trigger

Configuration change

Supported resource types

OSS bucket

Request parameters

None

Remediation

To authorize users to access a specific OSS bucket, see Grant users access to specific resources using a bucket policy.