S3 buckets should require requests to use Secure Socket Layer

centriascolocation · Apr 8, 2021 · 62b9710 · 62b9710
1 parent 0dca76b
commit 62b9710
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/controls/99-s3.rb b/controls/99-s3.rb
@@ -3,13 +3,17 @@
 control 's3-public-buckets-99.1' do
   title "S3 Public Buckets with Default Encryption enabled"
   desc "All your S3 Buckets should not be public accessible and the AES256 default Encryption should be enabled."
+  ref 'AWS Security Hub, Section S3.5', url: 'https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#s3-5-remediation'
 
   all_buckets = aws_s3_buckets.bucket_names
 
   all_buckets.each do |b|
     describe aws_s3_bucket(b) do
       it { should_not be_public }
       it { should have_default_encryption_enabled }
+
+      ## S3 buckets should require requests to use Secure Socket Layer:
+      it { should have_secure_transport_enabled }
     end
   end
 

diff --git a/inspec.yml b/inspec.yml
@@ -5,7 +5,7 @@ copyright: Centrias Colocation GmbH
 copyright_email: [email protected]
 license: Apache-2.0
 summary: InSpec Baseline Profile for AWS account setup verification
-version: 1.4.1
+version: 1.4.2
 supports:
   - platform: aws
 inspec_version: ">= 4.25"