S3 - Security
Following are some interesting S3 security scenarios:
S3 buckets are often left open to the world, allowing unauthenticated read and sometimes write access. The Capital One breach is frequently cited as an example here, but it was not caused by a public bucket: the attacker abused an SSRF flaw in a misconfigured web application firewall to obtain IAM role credentials from the EC2 instance metadata service, and those over-privileged credentials were then used to read the S3 data. The lesson from that case is least-privilege IAM rather than bucket ACLs, but the public-bucket problem below is real and common on its own.
To list the objects in an S3 bucket named "test-bucket", either visit
https://test-bucket.s3.amazonaws.com
in a browser or perform the following CLI call. Add --no-sign-request so the request is sent anonymously; without it the CLI signs the request with your own credentials and you learn what you can see, not what the world can see.
aws s3 ls s3://test-bucket --no-sign-request
A listable bucket answers with a ListBucketResult XML document. A bucket that does not allow anonymous s3:ListBucket answers with an AccessDenied error, which does not rule out individual objects being publicly readable, since reading an object needs only s3:GetObject and a known key.
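What the two checks above actually return, shown as an added example that is not code from the original page: the XML bodies below are constructed to match the ListBucketResult and Error documents S3 sends back, and test-bucket with its object keys is hypothetical. The classifier runs offline on those samples; check_bucket() does the same against a live bucket name when network access is available.

```python
"""Classify the unsigned HTTP response S3 returns for a bucket URL.

Added example, not code from the page. The two XML bodies are constructed to
match the ListBucketResult and Error documents S3 sends; the bucket name
test-bucket and the object keys are hypothetical.
"""
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

S3_NS = "{http://s3.amazonaws.com/doc/2006-03-01/}"

# Constructed: body of GET https://test-bucket.s3.amazonaws.com/ when the bucket
# policy (or ACL) allows anonymous s3:ListBucket.
PUBLIC_LISTING = """<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Name>test-bucket</Name>
  <Prefix></Prefix>
  <KeyCount>2</KeyCount>
  <MaxKeys>1000</MaxKeys>
  <IsTruncated>false</IsTruncated>
  <Contents><Key>note.txt</Key><Size>12</Size></Contents>
  <Contents><Key>backups/db.sql.gz</Key><Size>1048576</Size></Contents>
</ListBucketResult>"""

# Constructed: the 403 body for a bucket that does not allow anonymous listing.
# Individual objects may still be publicly readable.
ACCESS_DENIED = """<Error>
  <Code>AccessDenied</Code>
  <Message>Access Denied</Message>
  <RequestId>EXAMPLEREQUESTID</RequestId>
</Error>"""


def classify_bucket_response(body: str) -> dict:
    """Map a bucket-URL response body to public / private / unknown plus the listed keys."""
    root = ET.fromstring(body)
    if root.tag == f"{S3_NS}ListBucketResult":
        keys = [c.findtext(f"{S3_NS}Key") for c in root.findall(f"{S3_NS}Contents")]
        # IsTruncated=true means the listing is paged; more keys need a continuation request.
        truncated = (root.findtext(f"{S3_NS}IsTruncated") or "false") == "true"
        return {"status": "public", "keys": keys, "truncated": truncated, "code": None}
    if root.tag == "Error":
        code = root.findtext("Code") or ""
        # AccessDenied: the bucket exists and anonymous listing is off. Anything else
        # (NoSuchBucket, PermanentRedirect for a wrong region) needs a closer look.
        status = "private" if code == "AccessDenied" else "unknown"
        return {"status": status, "keys": [], "truncated": False, "code": code}
    return {"status": "unknown", "keys": [], "truncated": False, "code": None}


def check_bucket(bucket: str, timeout: float = 10.0) -> dict:
    """Fetch the bucket URL without credentials (network access required) and classify it."""
    url = f"https://{bucket}.s3.amazonaws.com/"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8")  # S3 puts the <Error> document in the 403/404 body
    return classify_bucket_response(body)


if __name__ == "__main__":
    for sample in (PUBLIC_LISTING, ACCESS_DENIED):
        print(classify_bucket_response(sample))
```

A "private" result only means anonymous listing is blocked; to test object-level exposure you still have to request specific keys, which is exactly why leaked or guessable object names matter.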
Rhino Security Labs published research on what is effectively the cloud equivalent of ransomware for S3. An attacker with write access to a bucket can overwrite each object with a copy of itself encrypted (SSE-KMS) under a KMS key that lives in the attacker's account. The key policy lets the bucket owner's account use the key for encryption but never grants it kms:Decrypt, so the owner can no longer read the content: S3 has to call Decrypt with that key on the owner's behalf, and the attacker decides whether that is permitted (the attacker can also simply schedule the key for deletion). Once the objects have been re-encrypted, the attacker drops a ransom.txt note in the bucket and ransoms its content. On the defensive side, S3 Versioning keeps the previous readable versions unless the attacker can also delete them, S3 Object Lock prevents the overwrite outright, and the bucket policy should not grant s3:PutObject to principals that do not need it.
Often users take care not to make a bucket public, yet a misconfigured bucket policy makes it public indirectly.
For example, consider a bucket policy that allows s3:GetObject on every object in the bucket and sets the Principal field to "*".
Such a policy is vulnerable: it says that anyone on the internet can download objects from the bucket.
The vulnerable part is the Principal field. A value of "*" matches every caller, including unauthenticated ones, so anyone on the internet can download objects without an AWS account at all. S3 Block Public Access, when enabled on the bucket or account, rejects such a policy (BlockPublicPolicy) or stops it from granting public access (RestrictPublicBuckets), which is why it should be left enabled. Note that this grant covers reads of individual objects only; listing the bucket needs a separate s3:ListBucket grant, so an attacker still has to know or guess object keys. Assuming there is an object called note.txt, downloading it takes nothing more than a single unauthenticated curl request for the object's URL.
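Both policy scenarios above, the attacker-owned KMS key policy in the ransomware case and the Principal "*" bucket policy here, come down to the same question: who can do which action on which resource under the policy as written. The following is an added example written for this page, not code from the page or from Rhino Security Labs: a small evaluator for resource policies with the vulnerable bucket policy, a hardened version of it, and an attacker-style key policy. The bucket name test-bucket, the account IDs 111122223333 (bucket owner) and 999999999999 (attacker), the role name app and the Sids are hypothetical.

```python
"""Minimal evaluator for S3 bucket policies and KMS key policies.

Added example written for this page, not code from the page or from Rhino
Security Labs. Handles Effect, Principal, Action and Resource with IAM's "*"
and "?" wildcards; a Condition block is reported but not evaluated, and
NotPrincipal/NotAction/NotResource are rejected rather than silently ignored.
Account IDs 111122223333 (bucket owner) and 999999999999 (attacker), the
bucket test-bucket and the role name app are hypothetical.
"""
import fnmatch

# Constructed: the vulnerable bucket policy. Principal "*" is every caller,
# anonymous ones included.
PUBLIC_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::test-bucket/*"}]}

# Constructed: the same grant limited to one role in the bucket owner's account.
FIXED_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::test-bucket/*"}]}

# Constructed: an attacker-owned KMS key policy of the kind the ransomware
# scenario relies on. The victim account may encrypt (S3 calls GenerateDataKey
# when writing an SSE-KMS object) but is never granted kms:Decrypt.
ATTACKER_KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AttackerOwnsKey", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "VictimEncryptOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["kms:Encrypt", "kms:GenerateDataKey*", "kms:DescribeKey"],
     "Resource": "*"}]}


def _as_list(value):
    return [] if value is None else (value if isinstance(value, list) else [value])


def _account_of(arn):
    parts = arn.split(":")
    return parts[4] if len(parts) >= 6 else None


def _principal_matches(stmt, caller):
    """caller is an IAM ARN or the string "anonymous" (an unsigned request)."""
    principal = stmt.get("Principal")
    entries = []
    if isinstance(principal, dict):
        for value in principal.values():
            entries.extend(_as_list(value))
    else:
        entries.extend(_as_list(principal))
    for entry in entries:
        if entry == "*":  # matches everyone, which is what makes a policy public
            return True
        if caller == "anonymous":
            continue
        if entry == caller:
            return True
        # An account ID, or its :root ARN, delegates to every identity in that account.
        if entry.isdigit() and entry == _account_of(caller):
            return True
        if entry.endswith(":root") and _account_of(entry) == _account_of(caller):
            return True
    return False


def _glob_any(patterns, value, fold_case=False):
    """IAM-style wildcard match; action names are case-insensitive, ARNs are not."""
    probe = value.lower() if fold_case else value
    return any(fnmatch.fnmatchcase(probe, p.lower() if fold_case else p)
               for p in _as_list(patterns))


def evaluate(policy, caller, action, resource):
    """Return ("Allow" | "Deny", matched statement Sids); "Deny" includes the implicit deny."""
    allowed, denied, matched = False, False, []
    for idx, stmt in enumerate(policy["Statement"]):
        if any(key in stmt for key in ("NotPrincipal", "NotAction", "NotResource")):
            raise ValueError(f"statement {idx}: Not* elements are not supported by this evaluator")
        if not (_principal_matches(stmt, caller)
                and _glob_any(stmt.get("Action"), action, fold_case=True)
                and _glob_any(stmt.get("Resource"), resource)):
            continue
        sid = stmt.get("Sid", f"stmt{idx}")
        matched.append(sid + (" [Condition not evaluated]" if "Condition" in stmt else ""))
        if stmt.get("Effect") == "Deny":
            denied = True
        else:
            allowed = True
    # IAM rule: an explicit Deny wins, then any Allow, otherwise implicit deny.
    return ("Deny" if denied or not allowed else "Allow", matched)


def public_grants(policy):
    """Sids of Allow statements usable by anonymous callers: run this on every bucket policy."""
    return [stmt.get("Sid", f"stmt{i}") for i, stmt in enumerate(policy["Statement"])
            if stmt.get("Effect") == "Allow" and _principal_matches(stmt, "anonymous")]


if __name__ == "__main__":
    obj, victim = "arn:aws:s3:::test-bucket/note.txt", "arn:aws:iam::111122223333:role/app"
    print("public read:", evaluate(PUBLIC_BUCKET_POLICY, "anonymous", "s3:GetObject", obj))
    print("public grants:", public_grants(PUBLIC_BUCKET_POLICY), public_grants(FIXED_BUCKET_POLICY))
    print("victim encrypt:", evaluate(ATTACKER_KEY_POLICY, victim, "kms:GenerateDataKey", "*"))
    print("victim decrypt:", evaluate(ATTACKER_KEY_POLICY, victim, "kms:Decrypt", "*"))
```

Two things the evaluator makes visible that the prose alone does not: the public policy grants anonymous s3:GetObject but not s3:ListBucket, so the bucket is downloadable without being listable, and the attacker's key policy lets the victim account encrypt while every Decrypt attempt falls through to the implicit deny, which is the whole ransomware mechanism. Real IAM evaluation also consults identity policies, SCPs and Conditions, so treat "Allow" here as "this policy alone would allow it".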