New AWS Security Feature To Stop Accidental S3 Public Exposure

Amazon introduced S3 Block Public Access feature, a new level of protection which gives potential to block public access to newly created and for existing buckets and objects.

The feature works both in the account level as well as for the individual buckets, the feature is accessible from the S3 console CLI, the S3 APIs, and from within CloudFormation templates.

S3 Block Public Access

Starting from now AWS account and bucket owner will four new options for managing public ACLs and two for managing public bucket function and these functions can be accessed by APIs also.

“We want to make sure that you use public buckets and objects as needed while giving you tools to make sure that you don’t make them publicly accessible due to a simple mistake or misunderstanding,” reads Amazon blog post.

AWS misconfiguration causes some major issues, because of misconfiguration number of companies exposed the data publically.

Starting last November Amazon bring’s up a Public indicator to show the list of buckets available in public and which are Not public.

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – websites and mobile apps, corporate applications, and data from IoT sensors or devices.

We heard about a number of Amazon bucket data exposures, where the companies exposed the sensitive data publically, one of the recent exposure was the web bucket belongs to ISP provider Pocket iNet, around 73 Gigabytes of data exposed.

Last August Godaddy leaked 18 million customers record with over 76M domain names, exposed data includes information such as hostname, operating system, workload, AWS region, memory and CPU specs, and more.