diff --git a/lib/policyEvaluator/utils/conditions.ts b/lib/policyEvaluator/utils/conditions.ts
index 81162ac47..299d10098 100644
--- a/lib/policyEvaluator/utils/conditions.ts
+++ b/lib/policyEvaluator/utils/conditions.ts
@@ -61,7 +61,7 @@ export function findConditionKey(
 case 'aws:referer': return headers.referer;
 // aws:SecureTransport – Used to check whether the request was sent
 // using SSL (see Boolean Condition Operators).
- case 'aws:SecureTransport': return requestContext.getSslEnabled() ? 'true' : 'false';
+ case 'aws:SecureTransport': return headers['x-forwarded-proto'] === 'https' ? 'true' : 'false';
 // aws:SourceArn – Used check the source of the request,
 // using the ARN of the source. N/A here.
 case 'aws:SourceArn': return undefined;
diff --git a/lib/policyEvaluator/utils/variables.ts b/lib/policyEvaluator/utils/variables.ts
index 2b96faa9c..975b13b3a 100644
--- a/lib/policyEvaluator/utils/variables.ts
+++ b/lib/policyEvaluator/utils/variables.ts
@@ -38,7 +38,7 @@ function findVariable(variable: string, requestContext: RequestContext): string
 // aws:SecureTransport is boolean value that represents whether the
 // request was sent using SSL
 map.set('aws:SecureTransport',
- requestContext.getSslEnabled() ? 'true' : 'false');
+ headers['x-forwarded-proto'] === 'https' ? 'true' : 'false');
 // aws:SourceIp is requester's IP address, for use with IP address
 // conditions
 map.set('aws:SourceIp', requestContext.getRequesterIp());
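Review bot: The new `aws:SecureTransport` value in `findConditionKey` is read from `headers['x-forwarded-proto']`, which is whatever the request carried unless a trusted proxy in front overwrites it, so a policy that denies when `aws:SecureTransport` is `false` no longer reflects the real transport for requests that reach the service without passing through such a proxy. A TLS connection terminated by the server itself, with no forwarding header, will now also evaluate to `'false'`, and values such as `HTTPS` or `https, http` fail the strict comparison. I would keep the socket state as the baseline and honour the header only when the peer is a configured trusted proxy, e.g. `return (requestContext.getSslEnabled() || (fromTrustedProxy && headers['x-forwarded-proto'] === 'https')) ? 'true' : 'false';`, where `fromTrustedProxy` is a placeholder for a check that is not visible in this hunk. The same applies to the `map.set('aws:SecureTransport', …)` change in `lib/policyEvaluator/utils/variables.ts`. The body of `findConditionKey` starts and ends outside the hunk.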
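Review bot: `headers` is not declared in the visible lines of `findVariable`, whose signature in the hunk header takes only `variable` and `requestContext`. Please confirm it is in scope there, for instance obtained from `requestContext` earlier in the function, which starts outside the hunk. The comment above the changed line still says the value represents "whether the request was sent using SSL"; if the header-based check stays, I would reword it to `// aws:SecureTransport is 'true' when the x-forwarded-proto header equals 'https'; only meaningful when a trusted proxy sets that header`.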