AWS Introduces Controls to Block Public Access to S3 This week, Amazon Web Services (AWS), introduced a new feature that allows administrators to block public access to their data. This is to reduce the number of data leaks due to mismanaged Amazon S3 buckets. The “Amazon S3 Block Public Access” feature is actually a set of four security settings that administrators can activate or disable across their entire AWS account, or per-bucket basis. Once the settings have been turned on, they will apply to the current environment as well as any future buckets. In a blog post, Jeff Barr, AWS evangelist, stated that you have the ability to block public access to existing items (whether it was specified in an ACL [access control lists] or a policy) as well as to prevent public access to new items. Blocking public access to an AWS account that is used to host a business application or data lake will protect it from accidental public exposure. Our goal is to clarify that web hosting is not allowed to public access. These settings can be accessed via S3 console, command-line interface, or S3 API.

Posted on By Dave
  • Block new public ACLs, and upload public objects
  • Public access to public ACLs must be removed
  • Block all new public bucket policies
  • Block public and cross-account acces to buckets with public policies

Barr said administrators can apply the settings in one way to their entire account and in another way to individual buckets. The protections are additive if I set some options on the account level and others for a bucket. If a user wishes to create a new bucket the original security settings will still apply. However, the user will need to disable or enable the settings manually for the bucket that requires a different level public access to the rest of the account. S3 buckets are not accessible to the public by default. However, there have been numerous instances where organizations have misconfigured their S3 buckets. This has resulted in the exposure of personal data of hundreds and millions of people as well as data that is critical to organizations’ security infrastructure. AWS has taken several steps in order to address the problem. They have released S3-specific security features and tools, and they have even warned users to lock down their buckets. This is the latest step in this effort.

Uncategorized

Related Posts

Implementing the technicalities of project management Uncategorized
Roadmap to Success: MCSE Messaging Uncategorized
Podcast by PM Today: Transforming the PMO Capacity at The Maritime and Coastguard Agency Uncategorized
How to talk about cybersecurity risks and rewards with your customers Uncategorized
Pivotal Cloud Foundry comes to AWS Quick Start Uncategorized
Featured Hawaii Weddings from MarryMeHawaii Uncategorized