AWS has new tool for those leaky S3 buckets so, yeah, you might need to reconfigure a few things

At its re:Invent event under way in Las Vegas, Amazon Web Services (AWS) dropped the veil on a new tool to help customers to avoid spewing data stored on its S3 (Simple Storage) service to world+dog. "Access Analyzer for S3 is a new feature that monitors your access policies, ensuring that the policies provide only the …

  1. Bronek Kozicki Silver badge
    Paris Hilton

    Customers can enable Access Analyzer

    ... but is it free?

    1. Anonymous Coward

      Re: Customers can enable Access Analyzer

      Access Analyzer for S3 is available at no additional cost in the S3 Management Console in all commercial AWS Regions, excluding the AWS China (Beijing) Region and the AWS China (Ningxia) Region. Access Analyzer for S3 is also available through APIs in the AWS GovCloud (US) Regions.

    2. bobdylan123

      Re: Customers can enable Access Analyzer

      Yes it's free.

      "Access Analyzer for S3 is available at no additional cost in the S3 Management Console in all commercial AWS Regions, excluding the AWS China (Beijing) Region and the AWS China (Ningxia) Region. Access Analyzer for S3 is also available through APIs in the AWS GovCloud (US) Regions."

      I think this is just a response to the high-profile 'blunders' which have been down to human error (but looks bad on AWS unfairly). This will be just another resource which AWS can say 'look - we have this easy to use, free tool for them, yet the user is still an idiot and ignored it or any of the other best practice advice we have given'.

      For example when you make a bucket public it alerts you and is very visible on the console afterwards. A person also will need to deliberately attach an open resource policy to the bucket, yet this still isn't enough.

      1. robert_swift
        Big Brother

        Re: Customers can enable Access Analyzer

        It is free, although as I and a fellow AWS user discovered, there is at least one strange behaviour as we noted on their forum: https://forums.aws.amazon.com/thread.jspa?messageID=925452

        Definitely odd that their own tooling showed an impossible-for-the-customer-to-achieve configuration, that has magically vanished, and a slight worry as this related to AWS managed key in KMS!

  2. Anonymous Coward

    dropped the veil

    Bloody Americans. It's lifted the veil, not dropped.

    If you drop a veil it means you are hiding something, whereas when you lift the veil you reveal it.

    1. Fading
      Coat

      Re: dropped the veil

      Except during the dance of the seven veils........

  3. iron Silver badge

    > "So basically we need to reconfigure everything."

    If you'd configured everything correctly in the first place, actually not that hard despite appearances, then you wouldn't have a problem.

    1. Anonymous Coward

      Sometimes policies have unforeseen consequences. Or you fuck it up. Or your scale makes it really hard to validate. Or other reasons.

  4. FuzzyWuzzys
    Facepalm

    So....

    ...basically it looks at AWS accounts and sends you an email saying..."REMOVE THE FECKING PUBLIC ACCESS ON YOUR S3 BUCKETS NOW OR LOSE YOUR JOB YOU MUPPET!!".

    1. Robert Helpmann?? Silver badge
      Childcatcher

      Re: So....

      "...OR LOSE YOUR JOB YOU MUPPET!!".

      Sometimes I wonder if Kermit the Frog would do a better job than some folks I have had the misfortune of working with, so fair comment on a number of levels.
