diff --git a/org-formation/080-aws-config-inventory/config.yaml b/org-formation/080-aws-config-inventory/config.yaml
index 4e69612a..f4a1c049 100644
--- a/org-formation/080-aws-config-inventory/config.yaml
+++ b/org-formation/080-aws-config-inventory/config.yaml
@@ -67,6 +67,16 @@ Resources:
 Condition:
 StringEquals:
 's3:x-amz-acl': 'bucket-owner-full-control'
+ - Sid: AWSConfigBucketDenyInsecure
+ Effect: Deny
+ Principal: '*'
+ Action: 's3:*'
+ Resource:
+ - !Sub '${ConfigAuditBucket.Arn}'
+ - !Sub '${ConfigAuditBucket.Arn}/*'
+ Condition:
+ Bool:
+ 'aws:SecureTransport': 'false'
 ConfigurationRecorder:
 Type: 'AWS::Config::ConfigurationRecorder'
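Review bot: The new `AWSConfigBucketDenyInsecure` statement rejects plaintext HTTP but says nothing about the TLS version, so clients negotiating TLS 1.0/1.1 are still accepted; if the audit bucket should require modern TLS, a sibling Deny statement keyed on `NumericLessThan: 's3:TlsVersion': 1.2` is the supported way to add that, and it can sit directly below this one. The quoted `'false'` under `Bool` is correct as written — CloudFormation passes it through as the string IAM expects — so the quoting should stay rather than be "fixed" to a bare boolean. Because the Deny applies to every principal, including the account root and the Config service's own delivery, a one-line comment above `- Sid: AWSConfigBucketDenyInsecure` such as `# Deny all non-TLS (aws:SecureTransport=false) access to the Config audit bucket, for every principal` would make the intent clear to the next reader. The enclosing bucket policy resource and its PolicyDocument start outside the hunk.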