Reply to post: S3 bucket default is *private* to that account

Yet another AWS config fumble: Time Warner Cable exposes 4 million subscriber records

Anonymous Coward
Anonymous Coward

S3 bucket default is *private* to that account

Check out: http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html for details.

This has *always* been the case; users have to explicitly set permissions for buckets / objects to be accessible outside of their account (authenticated users, or everyone).

Note that there is also clear guidance on security responsibilities (the "AWS shared responsibility model") here: https://aws.amazon.com/compliance/shared-responsibility-model/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020