Teri Radichel

Summary

The provided content offers comprehensive insights into AWS S3 security, including best practices, configuration, automation, and troubleshooting for S3 buckets, with a focus on preventing public access and ensuring secure data storage and transfer in the cloud.

Abstract

The web content presents a series of articles and presentations by Teri Radichel on Medium, detailing various aspects of AWS S3 bucket security. It emphasizes the importance of never having a public S3 bucket except under specific, intentional circumstances. The articles cover topics such as securing S3 buckets with automation and templates, understanding S3 bucket configuration options, implementing bucket policies and logging, transferring files between buckets, and using S3 for CloudTrail and backups. Radichel also discusses cost-saving strategies, such as using lifecycle rules and S3 bucket keys, and addresses the use of S3 endpoints (now VPC endpoints). The content includes troubleshooting tips for S3 bucket policies and explores the implications of object ownership changes in AWS S3. Additionally, it provides resources for setting up an S3 bucket for a static website and highlights the risks of S3 bucket abuse, such as cryptominers. The articles are part of a larger series on automating cybersecurity metrics, and the content is complemented by presentations from events like the AWS Atlanta Summit and RSA Conference.

Opinions

  • Public access to S3 buckets should be avoided, with rare exceptions, to maintain security.
  • Automation and templates are key to securing S3 buckets efficiently.
  • Understanding the intricacies of S3 bucket policies and logging is crucial for proper access management and auditing.
  • Transferring files between S3 buckets, especially across different AWS accounts, requires careful consideration of permissions and configurations.
  • AWS S3 bucket abuse, such as the installation of cryptominers, is a significant concern that necessitates proactive security measures.
  • Implementing MFA Delete for S3 buckets adds an extra layer of security to prevent unauthorized deletions.
  • Cost optimization strategies, like using lifecycle rules and S3 bucket keys, are important for managing AWS expenses.
  • The recent changes to object ownership in AWS S3 buckets have security implications that users need to understand and adapt to.
  • The use of S3 endpoints (now VPC endpoints) is an underestimated security control that should be utilized effectively.
  • The content positions AWS S3 as a versatile service for various use cases, including hosting static websites and storing CloudTrail logs.

AWS S3

Stories about AWS S3 and S3 buckets by Teri Radichel on Medium and related AWS security presentations

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Stories about AWS bucket security and attacks on AWS S3 buckets. Learn how to never have a public S3 bucket and how to secure and encrypt your S3 buckets with KMS keys, bucket policies, IAM and trust policies. Create a bucket for an AWS service or share files in a bucket across AWS Accounts. Understand object ownership and how it affects your AWS and cloud security.

Pop Quiz — how do S3 bucket policies and logging really work?

You never need to enable public access on a bucket — and you should not, except in very, very rare, intentional, and necessary cases.

Using automation and templates to secure S3 buckets.

S3 bucket configuration options.

S3 bucket for access logs (to log access to another S3 bucket)

AWS recently changed how object ownership works in S3 buckets. This includes an explanation of objects vs. files.

A generic S3 bucket template. Use the same template to deploy multiple S3 buckets instead of writing the same code over and over again.

Log who accesses your S3 buckets — and why it matters.

S3 bucket policies can be difficult and confusing to implement properly. Here are some troubleshooting tips.

Considerations for transferring files between S3 buckets.

Transferring files between S3 buckets.

An S3 bucket for CloudTrail and related AWS Services.

AWS S3 replication for backups.

Copying files in S3 buckets between accounts.

MFA Delete for S3 buckets — when it works and when it doesn’t.

Are you using S3 endpoints (now VPC endpoints)?

Information about AWS S3 bucket abuse (RSA Presentations):

Cryptominers in S3 buckets.

S3 security — blog archives

Teri Radichel | © 2nd Sight Lab 2023

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight Lab