From 62b971048ceafb3b05793ba706371b281a30059a Mon Sep 17 00:00:00 2001
From: Michael Krieg
Date: Thu, 8 Apr 2021 15:44:07 +0200
Subject: [PATCH] S3 buckets should require requests to use Secure Socket Layer
---
 controls/99-s3.rb | 4 ++++
 inspec.yml | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/controls/99-s3.rb b/controls/99-s3.rb
index 516e7fa..41fe3b2 100644
--- a/controls/99-s3.rb
+++ b/controls/99-s3.rb
@@ -3,6 +3,7 @@ control 's3-public-buckets-99.1' do
 title "S3 Public Buckets with Default Encryption enabled"
 desc "All your S3 Buckets should not be public accessible and the AES256 default Encryption should be enabled."
+ ref 'AWS Security Hub, Section S3.5', url: 'https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#s3-5-remediation'
 all_buckets = aws_s3_buckets.bucket_names
@@ -10,6 +11,9 @@ describe aws_s3_bucket(b) do
 it { should_not be_public }
 it { should have_default_encryption_enabled }
+
+ ## S3 buckets should require requests to use Secure Socket Layer:
+ it { should have_secure_transport_enabled }
 end
 end
diff --git a/inspec.yml b/inspec.yml
index 3e06305..c84360c 100644
--- a/inspec.yml
+++ b/inspec.yml
@@ -5,7 +5,7 @@ copyright: Centrias Colocation GmbH
 copyright_email: support@centrias.net
 license: Apache-2.0
 summary: InSpec Baseline Profile for AWS account setup verification
-version: 1.4.1
+version: 1.4.2
 supports:
 - platform: aws
 inspec_version: ">= 4.25"
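Review bot: The `title` and `desc` in the first hunk of controls/99-s3.rb still describe only public access and default encryption, although the same control now also asserts transport security, so a bucket that fails only on transport is reported under a heading that never mentions it. Either extend the description, e.g. `desc "All your S3 Buckets should not be publicly accessible, should have AES256 default encryption enabled, and should deny requests that do not use TLS."`, or move the new expectation into its own control id so the S3.5 `ref` maps to exactly one finding. The control block continues past the end of this hunk.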
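Review bot: `have_secure_transport_enabled` in the second hunk appears to be a comparatively recent matcher in the AWS resource pack, and nothing visible in this patch raises the pack requirement; the inspec.yml hunk changes `version` only and any `depends` entry is outside it. If the pack is pinned or cached at an older release, this expectation would presumably error on every bucket rather than fail cleanly, so the pin is worth confirming. The comment above it would also serve readers better if it named what Security Hub S3.5 evaluates, e.g. `# S3.5: bucket policy must deny requests where aws:SecureTransport is false`. The second `end` closes a block that opens outside this hunk.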