The use of Amazon Simple Storage Service S3 is becoming more and more widespread, being used in a multitude of use cases: sensitive data repositories, security log storage, integration with backup tools…, so we must pay special attention to the way we configure our buckets and how we expose them to the Internet.
In this post we will talk about 10 good security practices that will allow us to manage our S3 buckets correctly.
Let’s get started.
1 – Block public access to S3 buckets across the organization
By default, the buckets are private and can only be used by the users of our account, provided that they have set the correct permissions.
Additionally, the buckets have an “S3 Block Public Access” option that prevents the buckets from being considered public. This option can be enabled or disabled for each bucket in your AWS Account. To prevent a user from deactivating this option, we can create an SCP policy in our organization so that no AWS Account member of the organization can do so.
[Read more…]