AWS S3 Bucket Policy Gone Wrong

A “Curious Dev” was trying to play around with AWS S3 bucket policy.*Statutory warning: Curiosity kills. Never try this stunt while at work. Organizations as big as U.S. Pentagon have faced the music because of this.

The ‘Principal’ element in the policy code specifies the user, account, service, or other entity that is allowed or denied access to a resource residing in AWS S3 bucket. There have been several cases reported across the world about how S3 buckets lead to data leakage. In most cases, that ‘star’ is the culprit.

For more information, visit AWS’ Principal page in the IAM User Guide. To know more about how to restrict Amazon S3 Bucket access to a specific IAM role, click here.

Share your experiences with us.

And don’t forget to follow us on twitter @totalcloudio for such comics.

Originally published at blog.totalcloud.io on March 20, 2018.

AWS S3 Bucket Policy Gone Wrong was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.

Publication date: 
07/27/2018 - 10:41
Author: 
Disclaimer

The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.