Aws Best Practices

Secure your S3 buckets!

Security AWS Sysadmin S3

What do Dow Jones, the Republican National Committee, the WWE, Department of Defense contractors, Verizon and now Viacom have in common? They have all had data exfiltrated from their companies from misconfigured S3 buckets. What’s worse this time is that the bucket that was exposed was basically a set of master keys hidden under the doormat. Puppet scripts including passwords, access keys, master AWS credentials all kinds of scary things. All this comes after widespread coverage the issue and attempts from amazon to warn customers with publicly available data in their buckets.

Read more →