Friday, July 19, 2019
Amazon Simple Storage Service (S3) is an object storage service from Amazon Web Services (AWS) that allows customers to store and protect their data. For many companies, however, managing access control in S3 has remained a challenge, with several organizations making headlines by unintentionally exposing their objects. Fortunately, this can be prevented if customers know how to use the fundamental controls available to correctly define access to S3 buckets and the objects they store.
In this article from Richard Vega, TME - Public Cloud Security at Palo Alto Networks, learn how to make the most of access controls in S3. He’ll walk through the differences between S3 ACLs, S3 bucket policies and user-based policies, in addition to the order of precedence when a combination is used.
Fuel for Thought
Fuel member Charles Buege had this takeaway to share: “Always try to use a 'least privilege approach' when assigning security. While granting access to a user is good, you should never grant more access than is necessary. This is not from an 'I don't trust the user' perspective, but rather the perspective of, 'I'm trying to protect the system in case the user's system becomes compromised and they don't realize it.’”