Ensuring cloud security is a priority for most IT practices. Organizations want their cloud infrastructure to reach the highest level of security so that they can deploy their data and resources and focus on their business rather than worrying about security threats. S3 is the storage service provided by Amazon Web Services, and securing the data it stores requires applying some remediations to your AWS S3 buckets.
Why should AWS S3 buckets not be publicly accessible?
Users control the accessibility and privacy of their S3 buckets in the bucket policy. It is recommended that AWS S3 buckets not be publicly accessible to other users in AWS. A publicly accessible S3 bucket means that other AWS users can access the data stored in the bucket, which can lead to misuse of that data. A user may also be unaware that a bucket is publicly accessible, and that bucket may contain data that is not supposed to be shared with other users.
Centilytics comes into play to ensure your cloud’s security posture
Centilytics lists all your S3 buckets and shows, for each one, whether it is public or not. This insight allows you to analyze your misconfigured S3 buckets and act on them from the AWS console.
Insight descriptions:
There can be 2 possible scenarios:
Severity | Description |
[severity icon] | This indication will be displayed when the corresponding AWS S3 buckets are not publicly accessible. |
[severity icon] | This indication will be displayed when the corresponding S3 bucket is publicly accessible. |
Descriptions of the further columns are as follows:
- Account Id: This column shows the respective account ID of the user’s account.
- Account Name: This column shows the account name corresponding to the user’s account.
- Region: This column shows the region in which the bucket exists.
- Bucket Name: This column shows the corresponding bucket name.
- Description: This column shows the description attached to the corresponding bucket.
Filters applicable:
Filter Name | Description |
Account Id | Applying the account Id filter will display data for the selected account Id. |
Region | Applying region filter will display data according to the selected region. |
Severity | Applying the severity filter will display data according to the selected severity type, i.e. selecting critical will display all resources with critical severity. The same applies to the warning and ok severity types. |
Compliances covered:
Compliance Name | Reference No. | Link |
PCI | 1.2.1, 1.3, 1.3.1, 1.3.2 | https://docs.aws.amazon.com/quickstart/latest/compliance-pci/welcome.html |
HIPAA | 164.312(a)(1) | https://aws.amazon.com/quickstart/architecture/compliance-hipaa/ |
ISO 27001 | A.9.1.2, A.13.1.3, A.13.2.1, A.14.1.2 | https://www.iso.org/standard/54534.html |
NIST 800-53 | SC-7, SI-4, CM-2, CM-6 | https://docs.aws.amazon.com/quickstart/latest/compliance-nist/welcome.html |
Read more:
[1] https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html