{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Only Allow Secure Transport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "${bucket_arn}",
                "${bucket_arn}/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}