Find public facing S3 buckets.
The accidental or deliberate exposure of private data stored in Amazon S3 is a persistent issue. S3 buckets can become public through multiple mechanisms, and keeping track of all of them can be difficult. This Op checks bucket policies and Access Control Lists for the most common inadvertent exposures.
DisruptOps users can choose to lock down the bucket policy to pre-approved IP addresses, or to tag the bucket as approved for Internet access.
Supported Issue Types:
- The bucket has an ACL with public access: the bucket's ACL grants permissions to a public grantee.
- The bucket's policy allows 0.0.0.0/0 access: a statement in the bucket policy allows open access from 0.0.0.0/0.

Supported Actions:
- Restrict access to approved IP addresses
- Tag bucket as public
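As an added illustration of the two checks described above (not DisruptOps' own code), the following evaluates an ACL and a bucket policy offline. The input shapes mirror what boto3's `get_bucket_acl()` and `get_bucket_policy()` return; the sample ACL, policy, bucket name and IP ranges are constructed for the example.

```python
import json

# Grantee URIs whose grants expose a bucket to everyone or to any AWS account.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def acl_public_grants(acl):
    """Public grants in an ACL shaped like boto3's get_bucket_acl() result."""
    return [(g.get("Permission"), g["Grantee"]["URI"])
            for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUP_URIS]

def _principal_is_everyone(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _source_ip_is_open(condition):
    """True with no aws:SourceIp limit, or one including 0.0.0.0/0; other keys ignored."""
    ips = condition.get("IpAddress", {}).get("aws:SourceIp")
    if ips is None:
        return True
    return any(ip in ("0.0.0.0/0", "::/0") for ip in _as_list(ips))

def policy_open_statements(policy_text):
    """Sids (or indices) of Allow statements that grant access to everyone."""
    doc = json.loads(policy_text)
    return [stmt.get("Sid", str(i))
            for i, stmt in enumerate(_as_list(doc.get("Statement", [])))
            if stmt.get("Effect") == "Allow"
            and _principal_is_everyone(stmt.get("Principal"))
            and _source_ip_is_open(stmt.get("Condition", {}))]

# Constructed sample inputs (not from a real account): one public READ grant,
# one policy statement open to 0.0.0.0/0 and one restricted to an office range.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OpenRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*", "Condition": {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}},
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*", "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]})
```

Running `acl_public_grants(SAMPLE_ACL)` flags the AllUsers READ grant, and `policy_open_statements(SAMPLE_POLICY)` returns only `OpenRead`, since `OfficeOnly` is limited to a specific source range.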