Do you have leaky S3 buckets? Find out if you should be worried and what you should do about it.
AWS Simple Storage Service (S3) is the most ubiquitous of the Amazon Web Services. It’s been around since the beginning of AWS, and integrates extremely well with most of the other services.
You’ve probably used something like it before. Dropbox, which used AWS S3 for 8 years, works in a pretty similar way. Upload your files and download them, from anywhere, at any time.
In this 3-part series, we go into exactly what AWS S3 does, how best to use it and set it up, and the considerations for it.
Many organisations also use S3 to serve HTML files.
If you need to host a static website, you could go with an Apache server. However, you’re likely to face issues of scale, availability, and durability.
These are non-issues when using S3.
- Scaling is automatic, and there are essentially no practical limits on storage capacity.
- Availability is guaranteed by the Service Level Agreement to 99.99% up-time, the most of any service on AWS.
- Durability is designed for 99.999999999% for any file over a year. Practically, this means that every 10,000 years, on average, you should only lose one file. This has never happened in the history of S3. You can say with almost certainty that the files will be there forever.
Like many other AWS services, pricing is calculated based on usage. Uploading to S3 is virtually free, but storage, downloading, and other requests to S3 will increase your monthly cost. Be sure to create your bucket in a region close to your end users, because data transfer cost between regions can add up very quickly.
So now that you know what it is, what it’s used for, and how you’ll be charged, how do you use it? The simplest way is to login to the AWS Console and go through the ‘create a new S3 Bucket’ wizard. This is normally where most developers’ problems start.
Sometimes, for convenience, developers will change S3 bucket configurations so that files are a bit easier to access and work with, without having to worry about permissions or IP address restrictions. However, not all S3 buckets have the same value. Some could contain logs meaningless to anyone without context, whereas others might host very sensitive info: personally identifiable information (PII) such as user email addresses, phone numbers, physical addresses, names, or even activity logs.
It’s extremely important to make sure that none of your S3 buckets are exposed to users that should not have access.
Imagine you have a hard drive sitting in your computer. You could, without realizing it, share this drive to your local network via simply ticking or unticking a box that you shouldn’t have.
On a much larger scale, S3 is similar. An S3 bucket is an internet directory anyone can read from or write to if its configurations have been set to public. You could expose your data and put your business at risk of appearing on national news.
At Cloud Conformity, we prefer to use S3 as temporary storage. If our buckets were misconfigured, we would expose our customer’s data to the public. Anyone could download encrypted information from our buckets and this data would be unusable. We have to be paranoid about our data security. Fortunately, we’re AWS pros 💪, here to share best practices and make the internet a safer place.
In Part 2 of this S3 series, we share our step-by-step guide to setting up AWS S3 like a pro!