--- title: S3 bucket policy accepts HTTP requests description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > S3 bucket policy accepts HTTP requests --- # S3 bucket policy accepts HTTP requests {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}). {% /alert %} {% /callout %} ## Metadata{% #metadata %} **Id:** `terraform-aws-s3-bucket-policy-accepts-http-requests` **Provider:** AWS **Platform:** Terraform **Severity:** Medium **Category:** Encryption #### Learn More{% #learn-more %} - [Provider Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy#policy) ### Description{% #description %} S3 bucket policies should explicitly deny unencrypted (HTTP) requests by using the `"Condition": { "Bool": { "aws:SecureTransport": "false" } }` block. Without this condition, users can transmit sensitive data over unencrypted HTTP connections, exposing objects in the bucket to interception and man-in-the-middle attacks. To ensure all traffic uses HTTPS, set the following policy condition: ``` "Condition": { "Bool": { "aws:SecureTransport": "false" } } ``` This prevents insecure access and protects data integrity during transmission. ## Compliant Code Examples{% #compliant-code-examples %} ```terraform resource "aws_s3_bucket" "b" { bucket = "my-tf-test-bucket" } resource "aws_s3_bucket_policy" "b" { bucket = aws_s3_bucket.b.id policy = <