S3 general purpose buckets should have static website hosting disabled
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Description
AWS S3 bucket website hosting should not be enabled because it increases the chance of accidentally exposing sensitive data and does not consistently support HTTPS, potentially leading to insecure connections and data interception. Additionally, it lacks advanced security features such as authentication, DDoS protection, and detailed access logging, which are provided by services like CloudFront. S3 bucket website hosting is also incompatible with the S3 Block Public Access (BPA) feature when all BPA controls are enabled.
For guidance on securely configuring static S3 website hosting, refer to the Restrict access to an Amazon Simple Storage Service origin section of the Amazon CloudFront Developer Guide.
