This post covers using AWS Config as a starting point to find public s3 buckets in your organization.
Use AWS Config to locate AWS resources
This post covers how to secure an S3 bucket serving content through Cloudflare
This site now uses CloudFlare
AWS CloudWatch enables monitoring and alerting on cloud events.
AWS Security Hub eases the pain of cloud monitoring
Help protect APIGW from attackers with AWS WAF
AWS CloudTrail is the cornerstone of cloud SECOPS
The Problem Secure file sharing using AWS S3:
I upload a file to an S3 bucket with restricted permissions The client downloads the file and processes it The client uploads the results to the S3 bucket I download the processed file and the transaction is complete I thought setting the permissions on the bucket would be enough.
This morning, while I was trying to proxy traffic to this site in Burpsuite, I ran across an SSL handshake error. Googling the issue returned this helpful article that got me started on the right path.
In a previous post I discussed the complicated process of configuring S3 to use Letsencrypt to obtain a TLS certificate. That post served as a reference for me to re-implement Letsencrypt every 90 days.
It’s early 2016, and there are a multitude of content management systems and blog platforms out there:
Wikipedia’s List of Content Management Systems The security blog I contribute to, Penetrate.