How To Configure SSL For Amazon S3 Bucket?

Last Updated : 11 Mar, 2024
An Amazon S3 bucket is like a virtual storage container in the cloud where we can securely store and manage files such as images, videos, and documents. Configuring SSL (Secure Sockets Layer) for our S3 bucket is important because we store valuable information in it. In simple terms, it is like setting up an encrypted connection between our system and the S3 bucket. It ensures that data transferred between them remains secure, protecting it from unauthorized activities. In this tutorial, we will see how to configure SSL for an Amazon S3 bucket.

SSL for Amazon S3 Basics

SSL (Secure Sockets Layer) encrypts the data exchanged between the client (i.e., the website) and the server (i.e., the S3 bucket in this case), so that the data transferred between them is safe and can't be intercepted by anyone, which is very important in a cloud environment.

Let's break down how SSL works in simple steps:

  • The first and foremost step is the 'Handshake.' In this step, the browser establishes a secure connection with the server: both sides agree on some encryption parameters so that they can access the required information. Here the server also provides its digital certificate, and the client verifies the certificate and establishes the connection.
  • Next, the client encrypts the data using the shared secret key and sends the encrypted data to the server, which decrypts it using the same shared secret key shared by the client.

Pre-requisites:

  • Knowledge of AWS
  • An S3 bucket that has already been created

Steps to Configure SSL for Amazon S3 Bucket

Step 1: Log in to your AWS console, search for 'S3' in the search bar, and open it. Make sure that you have already created the S3 bucket; the home page will look as shown below.

S3_homepage

Step 2: Click on the bucket you have created, then click on the third tab, 'Permissions', as shown below. You will be redirected to the S3 bucket permissions page.

Permissions_tab

Step 3: On the permissions page, scroll down to the 'Bucket policy' option and click on Edit as shown below.

Bucket_policy_edit

Step 4: On the Edit bucket policy page, enter the JSON below and make sure that you replace the 10th and 11th lines with your 'Bucket ARN', which you can find on the same page as shown below.

{
    "Id": "ExamplePolicy",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSSLRequestsOnly",
            "Action": "s3:*",
            "Effect": "Deny",
            "Resource": [
                "arn:aws:s3:::DOC-EXAMPLE-BUCKET",
                "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            },
            "Principal": "*"
        }
    ]
}

BUCKET_ARN

Step 5: After making the changes as shown below, scroll down to the end of the page and click on 'Save Changes'. We can see that the SSL policy is successfully attached to the S3 bucket.

After_Changes

Step 6: After successfully adding the SSL policy to our S3 bucket, we can verify it by going to the site, clicking on 'View Site information', and then clicking on the first option, 'Connection is Secure'. We see 'Certificate is Valid' and can view the SSL certificate by clicking on it as shown below.

ssl_check
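
As an added example (not part of the original article), the following Python check reads a bucket policy document and reports whether the deny-on-plain-HTTP statement from Step 4 covers both the bucket and its objects. The function names and sample policies are constructed for illustration, and the check is deliberately strict: it accepts only the exact statement shape used in Step 4.

```python
import json

def _as_list(value):
    """IAM allows a single string where a list is expected."""
    return value if isinstance(value, list) else [] if value is None else [value]

def tls_policy_gaps(policy_json, bucket):
    """Return the ARNs not covered by a deny-on-plain-HTTP statement.

    An empty list means the policy denies every S3 action over non-TLS
    connections for both the bucket and the objects inside it.
    """
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    covered = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        condition = stmt.get("Condition", {})
        # Extra operators or keys are ANDed and would narrow the deny,
        # so only the exact condition from Step 4 is accepted.
        if list(condition) != ["Bool"] or list(condition["Bool"]) != ["aws:SecureTransport"]:
            continue
        # The value may be the string "false" or the JSON literal false.
        if str(condition["Bool"]["aws:SecureTransport"]).lower() != "false":
            continue
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") != "*":
            continue
        if "s3:*" not in _as_list(stmt.get("Action")):
            continue
        covered.update(_as_list(stmt.get("Resource")))
    return sorted(needed - covered)

# Constructed sample: the Step 4 policy for a bucket named DOC-EXAMPLE-BUCKET.
GOOD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowSSLRequestsOnly", "Action": "s3:*", "Effect": "Deny",
        "Resource": ["arn:aws:s3:::DOC-EXAMPLE-BUCKET",
                     "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        "Principal": "*",
    }],
})
# Constructed sample: the same policy with the object ARN ("/*") left out,
# so objects could still be requested over plain HTTP.
_weak = json.loads(GOOD_POLICY)
_weak["Statement"][0]["Resource"] = "arn:aws:s3:::DOC-EXAMPLE-BUCKET"
WEAK_POLICY = json.dumps(_weak)

if __name__ == "__main__":
    print(tls_policy_gaps(GOOD_POLICY, "DOC-EXAMPLE-BUCKET"))
    print(tls_policy_gaps(WEAK_POLICY, "DOC-EXAMPLE-BUCKET"))
```

The policy text can be copied from the 'Bucket policy' editor in Step 4 and passed in as a string together with the bucket name.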

SSL for Amazon S3 – FAQ’s

Do we need to pay anything for an SSL certificate for an S3 bucket?

No. SSL certificates for the bucket are managed by Amazon and are provided at no additional cost.

Can we use our own custom domain with SSL for an S3 bucket?

Yes, we can configure SSL for a custom domain using Amazon CloudFront in front of the S3 bucket.
