Hardly a week goes by that we don’t hear about an organization leaving sensitive data exposed on the Internet because they failed to properly configure their Amazon S3 buckets.
Amazon Web Services, to their credit, are trying to prevent this from happening.
For one, all newly created S3 buckets and objects (files and directories in the bucket) are by default private, i.e. not publicly accesible by random people via the Internet. Secondly, changes implemented earlier this year made it possible for customers to easily identify S3 buckets that are publicly accessible due to Access Control Lists (ACLs) or policies that allow read/write access for any user.
But even that’s not enough, so the company is rolling out a new security feature: Amazon S3 Block Public Access.
This new feature allows account owners/administrators to centrally block existing public access (whether made possible via an ACL or a policy) and to make sure that newly created items aren’t inadvertently granted public access.
Read more: Help Net Security