S3 general purpose buckets should have static website hosting disabled

s3
이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

AWS S3 bucket website hosting should not be enabled because it increases the chance of accidentally exposing sensitive data and does not consistently support HTTPS, potentially leading to insecure connections and data interception. Additionally, it lacks advanced security features such as authentication, DDoS protection, and detailed access logging, which are provided by services like CloudFront. S3 bucket website hosting is also incompatible with the S3 Block Public Access (BPA) feature when all BPA controls are enabled.

Remediation

For guidance on securely configuring static S3 website hosting, refer to the Restrict access to an Amazon Simple Storage Service origin section of the Amazon CloudFront Developer Guide.