How To Eliminate Leaky S3 Buckets Without Writing A Line Of Code

By AJ Yawn, CISSP


FedEx. Booz Allen Hamilton. Republican National Committee. Dow Jones & Co. Verizon Wireless. Time Warner Cable. WalMart.


These eight organizations have one thing in common: leaky S3 buckets that were misconfigured and exposed sensitive customer data. Amazon S3 (Simple Storage Service) bucket misconfigurations and breaches continue to show up in cybersecurity publications, a disappointing fact considering how newsworthy these breaches have been.


Amazon S3 is an object storage service on Amazon Web Services (AWS) that provides customers with infinitely scalable and durable storage for websites, mobile applications, backup and restore, and many other use cases. It is one of the original AWS services and is often the first entry point into the cloud for organizations that are migrating.


Why do misconfigurations of S3 buckets keep happening?


I ask myself the same question.


This is another case of “user error” being trotted out as the reason why organizations are breached due to misconfigured settings on an S3 bucket. I agree that a user plays a significant and lead role in these misconfigurations.


I mean, AWS asks you to type in “confirm” before making a bucket public.