AWS Rolls Out New Security Feature To Prevent Accidental S3 Data Leaks (zdnet.com)
Amazon's Web Services division rolled out new security features to AWS account owners last week that are meant to prevent accidental data exposures caused by the misconfiguration of S3 data storage buckets. From a report: Starting today, AWS account owners will have access to four new options inside their S3 dashboards under the "Public access settings for this account" section. These four new options allow the account owner to set a default access setting for all of an account's S3 buckets. These new account-level settings will override any existing or newly created bucket-level ACLs (access control lists) and policies. Account owners will have the ability to apply these new settings for S3 buckets that will be created from now onwards, to apply the new setting retroactively, or both.
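To make the four settings concrete, here is an offline model of how they interact with a bucket's existing ACL grants and bucket policy. This is an added example, not code from the article or from AWS: the public/non-public classification is a simplified version of AWS's published rules (a policy statement counts as public when it allows a "*" principal with no condition on a restricting key such as source VPC endpoint or principal account), the RESTRICTING_KEYS set is an illustrative subset, and the bucket name, grants, policy and VPC endpoint ID are constructed sample data.

```python
"""Offline model of S3 "Block Public Access" (the four account/bucket-level
settings) applied to a bucket's ACL grants and bucket policy.

Added example, not AWS code. The "is public" checks are a simplified version
of AWS's rules; RESTRICTING_KEYS is an illustrative subset of the condition
keys AWS treats as narrowing a "*" principal enough to be non-public."""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}

RESTRICTING_KEYS = {  # lower-cased; subset for illustration
    "aws:sourcevpc", "aws:sourcevpce", "aws:sourcearn", "aws:sourceaccount",
    "aws:sourceip", "aws:principalaccount", "aws:principalorgid",
    "aws:principalarn", "aws:userid",
}

SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def acl_is_public(grants):
    """True if any ACL grant targets the AllUsers or AuthenticatedUsers group."""
    return any(g.get("Grantee", {}).get("Type") == "Group"
               and g["Grantee"].get("URI") in PUBLIC_GROUPS
               for g in grants)


def _principal_is_wildcard(principal):
    """Handles Principal: "*" and Principal: {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = aws if isinstance(aws, list) else [aws]
        return "*" in aws
    return False


def _has_restricting_condition(statement):
    for operator_block in statement.get("Condition", {}).values():
        for key in operator_block:
            if key.lower() in RESTRICTING_KEYS:
                return True
    return False


def policy_is_public(policy):
    """True if any Allow statement grants a wildcard principal with no restricting condition."""
    if not policy:
        return False
    return any(st.get("Effect") == "Allow"
               and _principal_is_wildcard(st.get("Principal"))
               and not _has_restricting_condition(st)
               for st in policy.get("Statement", []))


def effective_settings(account_cfg, bucket_cfg):
    """When both account- and bucket-level settings exist, the more restrictive one applies."""
    return {k: bool(account_cfg.get(k)) or bool(bucket_cfg.get(k)) for k in SETTINGS}


def put_acl_allowed(cfg, grants):
    """BlockPublicAcls rejects PutBucketAcl/PutObjectAcl calls that carry public grants."""
    return not (cfg["BlockPublicAcls"] and acl_is_public(grants))


def put_policy_allowed(cfg, policy):
    """BlockPublicPolicy rejects PutBucketPolicy calls that would make the bucket public."""
    return not (cfg["BlockPublicPolicy"] and policy_is_public(policy))


def effective_public_access(cfg, grants, policy):
    """What an anonymous/cross-account caller can reach given the *existing* ACL and policy:
    IgnorePublicAcls neutralises public grants, RestrictPublicBuckets neutralises a public policy."""
    via_acl = acl_is_public(grants) and not cfg["IgnorePublicAcls"]
    via_policy = policy_is_public(policy) and not cfg["RestrictPublicBuckets"]
    return {"via_acl": via_acl, "via_policy": via_policy, "public": via_acl or via_policy}


# Constructed sample data (not a real bucket): the classic leak configuration.
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
]
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*"}],
}
# Same wildcard principal, but pinned to a (constructed) VPC endpoint: not public.
VPC_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::example-bucket/*",
                   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}],
}

ALL_OFF = dict.fromkeys(SETTINGS, False)   # pre-feature default
ALL_ON = dict.fromkeys(SETTINGS, True)     # the "check all four boxes" account setting

if __name__ == "__main__":
    print("no block:          ", effective_public_access(ALL_OFF, SAMPLE_GRANTS, SAMPLE_POLICY))
    print("account-wide block:", effective_public_access(ALL_ON, SAMPLE_GRANTS, SAMPLE_POLICY))
```

The distinction worth noticing is between the two "Block" settings, which only reject *new* public ACLs and policies, and the two "Ignore"/"Restrict" settings, which are what actually neutralise public access that was already configured; enabling only the former leaves an existing leak open.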
I didn't know my video card could leak. I'll have to open it up and check.
This is an absolute no brainer, and IMHO, a must have. Log onto AWS, go to S3, check four checkboxes, type in "confirm", hit OK, and not worry about public buckets again, unless someone explicitly logs in as a root/admin user and unchecks them.
Hopefully more AWS customers do this.
I didn't say disable access, I said disable public file listings. I think people that want to sell access can manage to make a listing of the files they want to make accessible. Or make it a very hard to enable option or something like that.
In my experience, and I had a time where I bounced among a number of companies, the person with AWS access oftentimes has no clue what they are doing, is likely using the root account itself, rather than a sub account with admin privs, and just needs things to work so the dev team can get their code going. Their goal is to get stuff up and running, even if it means ignoring security issues, since the SCRUM master and their boss are going to call them out on missed deliverables on a daily basis, but security guidelines missed and S3 buckets left public won't be something the developer would face direct consequences for.