I received an email about updating the connection of an s3 bucket, from TLS 1.0 to TLS1.2 because the following connection has been detected:
eu-west-3|bucket| REST.GET.OBJECT|TLSv1|62|[BPImageWalker/2.0 (www.bdbrandprotect.com)]
But I have been unable to detect where it comes from, since it is a bucket where WordPress images are uploaded through a plugin that already uses version 1.2.
Any ideas?
I have made queries with cloudtrail to detect TLS 1.0 connections and the results are 0. So I don't understand where this connection comes from
I'm in a similar position. Got an email that flagged 3 of my buckets, and all 3 of them happen to be public.
Chances are your bucket is public in some form or fashion too, and as such anyone who can resolve and test the canonical S3 url may be able to access it.
Some extra info on that particular user agent was a little difficult to dig up, however:
So that appears to be from a research/securitu company looking for vulnerabilities, which may explain why it is checking on such an old SSL version.
The good news is that with my current understanding of that email, if you are not directly needing TLS 1.0 or 1.1 for your own application needs, you don't need to do anything to mitigate the deprecation. It would, however, be recommended that you place other services/protections/permissions in place so that you are not at further risk of attack from outside entities, as per amazon's general guidelines for typical use cases. In general, read access should be done through CloudFront to both act as a potential attack mitigator, as well as to buffer read costs on your bucket, which could add up if, for example, a bad actor decided to read files a bunch of times. Definitely look at your use cases and to what's best for you, and not just blindly take advice from the internet regarding something that has billing consequences, these are just my best guesses based on limited information of your situation.