This rule checks whether an OSS bucket policy enforces HTTPS for read and write operations or explicitly denies HTTP access.
Scenarios
Restrict an OSS bucket to HTTPS-only access to improve the security of data in transit.
Risk level
Default risk level: Low.
You can change the risk level as needed.
Detection logic
-
An OSS bucket is compliant if its access policy enforces HTTPS for read and write operations or explicitly denies HTTP access.
-
An OSS bucket is non-compliant if its access policy allows read and write operations over HTTP or does not explicitly deny HTTP access. To fix this issue, see Remediation.
Rule details
|
Parameter |
Description |
|
Rule name |
Use an OSS bucket policy to configure secure access |
|
Rule identifier |
oss-bucket-only-https-enabled |
|
Tags |
OSS, Bucket, BucketPolicy |
|
Automatic remediation |
Not supported |
|
Rule trigger |
Configuration change |
|
Supported resource types |
OSS bucket |
|
Request parameters |
None |
Remediation
To authorize users to access a specific OSS bucket, see Grant users access to specific resources using a bucket policy.