Shay_Levin
Admin

How to Prevent S3 Buckets from Leaking Data - strictly follow these 7 simple rules

AWS S3 leaks have reappeared in headlines time and time again. When an AWS S3 bucket is configured as open to the public, anyone who finds the link can access the data without any additional hacking.

So, the question is, how can you avoid it?

As we know that all S3 leaks are related to misconfigurations, here are the rules:

  1. Block public access on the account level. These settings apply account-wide for all current and future buckets and access points. In case you need to allow public access to one or more buckets, override the setting on the specific bucket.
  2. Grant permission to your Amazon S3 resources through IAM Policy, so only authenticated IAM users or IAM rules would be able to access the buckets.
  3. Use a bucket policy only if you can't achieve the same result with IAM Policy. It’s quite easy to mistakenly add a statement that publishes all the content publicly.
  4. Never use an S3 bucket ACL.
  5. Don't mix public data and private data in the same bucket.
  6. Name the bucket in a way that everyone will know whether it contains private or public data.
  7. Use Dome9 compliance rule sets and policy for running constant automatic checks against your buckets' configuration, to find non-compliant organization policy buckets.

Want to know more about how to write a Dome9 GSL query that checks if you have any buckets with public access? Check out our cloud security posture repository (CSPR) here

tomricardo
Explorer

It is important to check your S3 bucket policy as well. If your IAM Policy does not have an explicit deny, an S3 bucket policy can have an allow that will override what would be a default deny.