In the previous part of this series, we set up our free-tier account and then configured AWS CLI. In this article, we will discuss S3 buckets and the security concepts associated with them.
What is Amazon S3?
Amazon Simple Storage Service (Amazon S3) is storage for the Internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. You can accomplish these tasks using the simple and intuitive web interface of the AWS management console.
Developers can also interact with S3 buckets and objects using the AWS CLI or the Amazon S3 application programming interface (API).
This section shows two different scenarios with S3 misconfigurations. We will explore both of these scenarios in turn: public bucket-public object, and private bucket-public object.
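Both scenarios can be recognized from the access control lists (ACLs) of the bucket and of an object in it. The following is an added example, not code from the original article: it reads ACL JSON in the shape printed by `aws s3api get-bucket-acl` and `aws s3api get-object-acl` and reports which scenario applies. The sample ACLs, the owner ID and the function names are constructed for illustration.

```python
import json

# Predefined S3 groups whose presence in a grant makes it public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def public_grants(acl):
    """Return (audience, permission) pairs for grants made to a public group."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return found

def classify(bucket_acl, object_acl):
    """Name the scenario for one bucket ACL and one object ACL.

    Only ACLs are inspected here; bucket policies are a separate control.
    """
    bucket = "public" if public_grants(bucket_acl) else "private"
    obj = "public" if public_grants(object_acl) else "private"
    return f"{bucket} bucket-{obj} object"

# Constructed sample ACLs (placeholder owner ID, not real account data).
OWNER_ONLY = json.loads("""
{"Owner": {"ID": "EXAMPLEOWNERID"},
 "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"},
             "Permission": "FULL_CONTROL"}]}
""")
PUBLIC_READ = json.loads("""
{"Owner": {"ID": "EXAMPLEOWNERID"},
 "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLEOWNERID"},
             "Permission": "FULL_CONTROL"},
            {"Grantee": {"Type": "Group",
                         "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"}]}
""")

if __name__ == "__main__":
    print(classify(PUBLIC_READ, PUBLIC_READ))   # bucket and object both public
    print(classify(OWNER_ONLY, PUBLIC_READ))    # bucket private, object still public
    for audience, permission in public_grants(PUBLIC_READ):
        print(f"grant of {permission} to {audience}")
```

The second case is the one that is easy to miss in an audit: the bucket ACL looks clean, so the object ACLs have to be checked as well.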
The AWS management console has a simple and easy-to-use interface to interact with S3 buckets.
Log into your AWS management console and navigate to Services | Storage | S3. It looks as shown below.
As you can see, there are no buckets available yet in S3. Let’s create a new bucket by clicking the + Create bucket button.
Enter a unique bucket name as shown in the preceding figure. This name must be unique across all the existing buckets in Amazon S3. In this example, labbucket123 was chosen to be the bucket name and is available.
Click Next, and you should see that all the properties (such as logging and encryption) are disabled by default. We’re not changing them now, so let’s click Next again and choose the permissions as shown below.
Finally click Next, review all the settings and click Create bucket.
Let’s simulate that we want to store some sensitive files in this bucket. We can do it by (Read more...)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Srinivas. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Do0fLHc9Zbs/