AWS security issues show up in tech news fairly often. Today, we talk with someone who wrote about AWS services other than S3 that were found exposed to the public. Could that be some of your services?
Could be. The numbers are pretty impressive. Stay tuned and find out how to determine whether your EBS snapshots, RDS snapshots, AMIs, or Elasticsearch clusters are accidentally public.
We start by exploring the types of AWS resources that can be unintentionally exposed to the public Internet, how to find them, and how to lock them down.
Then we talk about general practices such as vulnerability scanning and how to minimize human error when configuring AWS services, and drill into options such as CloudMapper and Security Monkey, open-source tools that help administrators find and control AWS resources.
Scott Piper’s blog – Duo.com
Scott Piper on GitHub – GitHub
Beyond S3: Exposed Resources on AWS – Duo.com
CloudMapper – GitHub
CloudTracker – GitHub
Netflix Security Monkey – GitHub
Datanauts 086: AWS Identity & Access Management Policies – Packet Pushers
Datanauts 106: Controlling AWS Costs – Packet Pushers