🔥Puzzle: S3 HTTPS Only Via Bucket Policy

Kyler Middleton
1 min read · Jan 12, 2022

Hey all,

I was charged with thinking up a challenging AWS policy question around S3, and I thought, all the policies around resources are hard, especially S3. I mean, there is a reason unsecured S3 bucket data leaks hit the news like clockwork every month or so — resource policies are HARD.

Does this S3 bucket policy require HTTPS access?

As part of my new job, I get the wonderful opportunity to educate the world, so I created a puzzle for you to solve! Check out the above S3 bucket policy — does it require HTTPS access only? Is our sensitive data not not secure?

You can find the Twitter post and vote on it here:

Please come share your opinion on how secure this policy is, and you might also find a mini capture the flag that I embedded in this puzzle.

And be on the lookout for lots more puzzles and blogs from me! I’m thrilled to be paid to educate the world, and that includes you!

