Public buckets
Public buckets are one of the largest security risks to AWS and S3. Large volumes of leaked data have been reported as a result of S3 misconfigurations rooted in a poor security posture. Some of the issues that have been reported are as follows:
- A lack of monitoring of S3 buckets. Without monitoring, there is no reliable way to check who is accessing your S3 environments.
- A lack of testing and auditing of S3 environments. Something as simple as a vulnerability assessment, or even a basic pentest, would highlight issues that can be easily fixed.
- Relaxed policies. If policies let too many users access S3 resources, problems arise when any of those accounts is compromised.
Popular opinion on S3 security holds that monitoring will heighten the security posture of S3; however, monitoring is only half the battle. As we saw, having an overly permissive policy can also allow users...
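The auditing and relaxed-policy points above can be checked mechanically. The following is an added example, not code from the original text: it inspects a bucket's ACL grants, bucket policy and Block Public Access settings offline, on a constructed sample state (no real account is involved), and reports which public exposures are actually live versus neutralised by Block Public Access.

```python
"""Offline audit of the three S3 exposure paths: ACL grants, bucket policy, Block Public Access."""
# URIs of the two ACL groups that make a bucket readable by everyone or by any AWS account.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers"}

def acl_findings(grants):
    """One finding per ACL grant made to AllUsers or AuthenticatedUsers."""
    return [f"ACL grants {g['Permission']} to {PUBLIC_GROUPS[g['Grantee']['URI']]}"
            for g in grants if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return "*" in (aws if isinstance(aws, list) else [aws])

def policy_findings(policy):
    """One finding per unconditional Allow statement open to any principal."""
    out = []
    stmts = policy.get("Statement", [])
    for s in ([stmts] if isinstance(stmts, dict) else stmts):
        if s.get("Effect") == "Allow" and _is_anonymous(s.get("Principal")) and not s.get("Condition"):
            acts = s["Action"] if isinstance(s.get("Action"), list) else [s.get("Action", "")]
            out.append(f"policy {s.get('Sid', '<no Sid>')} allows {', '.join(acts)} to everyone")
    return out

def audit_bucket(grants, policy, bpa):
    """Combine the checks. Block Public Access decides whether a finding is live:
    IgnorePublicAcls neutralises public ACL grants, RestrictPublicBuckets public policies."""
    live, blocked = [], []
    for f in acl_findings(grants):
        (blocked if bpa.get("IgnorePublicAcls") else live).append(f)
    for f in policy_findings(policy):
        (blocked if bpa.get("RestrictPublicBuckets") else live).append(f)
    return {"live": live, "blocked": blocked}

# Constructed sample bucket state (not taken from any real account).
SAMPLE_GRANTS = [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
                 {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                  "Permission": "READ"}]
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}]}
# IgnorePublicAcls and RestrictPublicBuckets are off, so both public grants are live.
SAMPLE_BPA = {"BlockPublicAcls": True, "IgnorePublicAcls": False, "BlockPublicPolicy": True, "RestrictPublicBuckets": False}
```

Calling `audit_bucket(SAMPLE_GRANTS, SAMPLE_POLICY, SAMPLE_BPA)` reports the AllUsers READ grant and the PublicRead statement as live, while the VPC-endpoint-conditioned statement is not flagged.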