Project Description
Identify any instances or ECS tasks at risk of data exposure.
Summary:
Ensure all EC2 and ECS services does not allow excessive S3 or DynamoDB access through a missing required VPC Endpoint or misconfigured VPC endpoint policy.
Supported Issue Types:
An EC2 or ECS service found with excessive S3 or DynamoDB access via a misconfigured VPC endpoint policy or missing required VPC Endpoint.
Supported Actions:
- Restrict the access of S3 or DynamoDB
- Removed exposed data
- Create compliant VPC Endpoint
Platform:
Related Articles
Fashion App’s Faux Pas: Open Buckets of (21) Buttons
Fashion App’s Faux Pas: Open Buckets of (21) Buttons TL; DR: Leaving their S3 buckets exposed, fashion-focused social app, 21 Buttons, is caught with their pants down. Because it had nothing to do with
Supercharging Security Hub: Part 4, Taking Action
In our last post, we walked through the console and highlighted making the most of the Security Hub console and some tips and tricks to make it more useful. Today I want to dive into one of the best parts of Security Hub — taking actions on events and findings.
