AWS rolls out new security feature to prevent accidental S3 data leaks

New settings will prevent accidental S3 bucket leaks, if customers take the time to apply them.
Written by Catalin Cimpanu, Contributor

Amazon's Web Services division has rolled out new security features to AWS account owners today that are meant to prevent accidental data exposures caused by the misconfiguration of S3 data storage buckets.

Starting today, AWS account owners will have access to four new options inside their S3 dashboards under the "Public access settings for this account" section.

These four new options allow the account owner to set a default access setting for all of an account's S3 buckets. These new account-level settings will override any existing or newly created bucket-level ACLs (access control lists) and policies.


Account owners will have the ability to apply these new settings for S3 buckets that will be created from now onwards, to apply the new setting retroactively, or both.
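How the account-level switch combines with per-bucket settings, as an added example that is not from the article or from AWS. It assumes the four options are expressed under their S3 API field names (`BlockPublicAcls`, `IgnorePublicAcls`, `BlockPublicPolicy`, `RestrictPublicBuckets`), which the article does not list; the bucket names and settings are constructed.

```python
# Added example: field names follow the PublicAccessBlockConfiguration
# structure of the S3 API. All sample data below is constructed.
FLAGS = {
    "BlockPublicAcls": "reject new public ACLs",
    "IgnorePublicAcls": "ignore public ACLs already in place",
    "BlockPublicPolicy": "reject new public bucket policies",
    "RestrictPublicBuckets": "restrict buckets that already have a public policy",
}

def effective(account_cfg, bucket_cfg):
    """S3 applies the most restrictive combination of both levels,
    so a flag is on when either the account or the bucket sets it."""
    account_cfg, bucket_cfg = account_cfg or {}, bucket_cfg or {}
    return {f: bool(account_cfg.get(f)) or bool(bucket_cfg.get(f)) for f in FLAGS}

def audit(account_cfg, buckets):
    """Return {bucket_name: [flags still off]} for buckets not fully covered.
    `buckets` maps name -> bucket-level config, or None when none is set."""
    report = {}
    for name, cfg in sorted(buckets.items()):
        missing = [f for f, on in effective(account_cfg, cfg).items() if not on]
        if missing:
            report[name] = missing
    return report

# Constructed account config: only the "from now onwards" options are on,
# so public ACLs and policies that already exist are still honoured.
ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
           "BlockPublicPolicy": True, "RestrictPublicBuckets": False}
ALL_ON = dict.fromkeys(FLAGS, True)

# Constructed bucket-level configs (None = nothing set on the bucket).
BUCKETS = {
    "example-logs": None,
    "example-backups": dict(ALL_ON),
    "example-site-assets": {"IgnorePublicAcls": True},
}

if __name__ == "__main__":
    for bucket, missing in audit(ACCOUNT, BUCKETS).items():
        for flag in missing:
            print(f"{bucket}: {flag} is off ({FLAGS[flag]})")
    print("all four account flags on ->", audit(ALL_ON, BUCKETS))
```

With only the two "new" options enabled at account level, buckets without their own retroactive settings remain exposed to public ACLs or policies that were already in place; enabling all four at account level closes the gap for every bucket.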

Jeff Barr, Chief Evangelist for Amazon Web Services, said the new settings are meant to work as a master switch that prevents account owners or their employees/developers from accidentally opening S3 buckets and their data to the public through coding or misconfiguration errors at the app/bucket level.

These types of accidents (misconfigured S3 buckets) have been a major problem for AWS customers for the past few years, and a serious black eye for AWS itself. Many cyber-security experts have argued that Amazon did not do enough to warn AWS users about the dangers of exposing an S3 bucket, or to provide controls that prevent this from happening.

Amazon did act, in November last year, when it began displaying bright orange warnings in the AWS dashboard, next to each S3 bucket that allowed public access.


Today's updates address most of the criticism that the company has faced recently. They provide the much-needed settings to prevent misconfigurations from exposing buckets, rather than just telling account owners after the exposures have already happened.

Just to put things in perspective and show how problematic the issue of accidental S3 bucket exposures has been, below is a (very incomplete) list of data breaches and data leaks that have been caused by a company or app that ran a misconfigured S3 bucket that allowed anyone to view its content and not just the server owner.

According to research published last year, Skyhigh Networks (now part of McAfee) found that around seven percent of all AWS S3 buckets were publicly exposed.

In addition to the new AWS S3 public access settings, Amazon also announced major news for DynamoDB, a high-load database engine that is also part of the AWS suite. Starting today, Amazon said all data stored inside DynamoDB will be encrypted by default.

"You do not have to make any code or application modifications to encrypt your data," Amazon said in a press release. "DynamoDB handles the encryption and decryption of your data transparently and continues to deliver the same single-digit millisecond latency that you have come to expect."
