CHAPTER 16
AWS Cloud Storage

Attackers target cloud systems around the clock and often focus on cloud storage. They tend to take advantage of misconfigurations, because many of the relevant configuration settings are nuanced and not immediately obvious. Although this chapter focuses on AWS specifically, such issues are far from being just an AWS problem; Azure and GCP, for example, require similar prudence and attention to misconfigurations and overly permissive access settings.

On AWS, the dominant cloud platform, the storage repositories of the S3 service are called buckets. Each bucket has what you might call parent permissions that apply to the bucket as a whole, and varying levels of access can be set at that upper level.

However, it is also possible to get caught out, particularly before the recent improvements that AWS has made available, because the child assets within buckets, called objects in S3 terms, can have permissions of their own that differ from those of the bucket.

In this chapter, we will look at ways of auditing AWS S3 buckets for misconfiguration problems, to help improve your cloud storage's security posture.

Buckets

We will begin by looking at software called S3 Inspector (https://github.com/clario-tech/s3-inspector). It has a relatively simple raison d'être: to programmatically list your AWS S3 buckets, note whether they are publicly accessible, and then display any URLs that point at them. Consider that simple ...
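The following Python is an added example, not code from the book or from S3 Inspector, showing the kind of check such a tool performs: it classifies bucket and object ACL grants and bucket policy principals as public or not and builds the URLs of anything exposed, checking each object separately because, as noted above, an object can be public while its bucket is private. It assumes the dictionary shapes that boto3's get_bucket_acl, get_object_acl and get_bucket_policy return, runs entirely on constructed sample data, and ignores policy Conditions and the account-level Block Public Access settings.

```python
import json

# AWS-defined grantee URIs whose presence in an ACL grant makes the grant public.
PUBLIC_GROUP_URIS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                     "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}


def public_acl_permissions(acl):
    """Permissions an ACL dict (shape of get_bucket_acl / get_object_acl) grants
    to everyone or to any AWS account; an empty list means no public grant."""
    return sorted(
        g["Permission"] for g in acl.get("Grants", [])
        if g["Grantee"].get("Type") == "Group"
        and g["Grantee"].get("URI") in PUBLIC_GROUP_URIS
    )


def policy_allows_public(policy_json):
    """True if an Allow statement in a bucket policy uses a wildcard principal.
    Conditions are ignored here, so treat a True result as a lead to verify."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given bare
        statements = [statements]
    for stmt in statements:
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"]))
        if stmt.get("Effect") == "Allow" and wildcard:
            return True
    return False


def audit_bucket(name, region, bucket_acl, policy_json, object_acls):
    """Return the bucket URL if the bucket itself is public, plus a URL for every
    object whose own ACL is public even though the bucket ACL may be private."""
    base = f"https://{name}.s3.{region}.amazonaws.com"
    urls = []
    if public_acl_permissions(bucket_acl) or (policy_json and policy_allows_public(policy_json)):
        urls.append(base)
    urls += [f"{base}/{key}" for key, acl in object_acls.items() if public_acl_permissions(acl)]
    return {"bucket": name, "public": bool(urls), "urls": urls}


# Constructed sample data: private bucket ACL, no bucket policy, one object made world-readable.
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE_OWNER_ID"}
SAMPLE_BUCKET_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
SAMPLE_OBJECT_ACLS = {
    "reports/q1.csv": {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]},
    "backup.tar.gz": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ]},
}

if __name__ == "__main__":
    print(json.dumps(audit_bucket("example-bucket", "us-east-1", SAMPLE_BUCKET_ACL, None, SAMPLE_OBJECT_ACLS), indent=2))
```

To run this against a real account, feed it the output of boto3's list_buckets, get_bucket_acl, get_bucket_policy and get_object_acl calls in place of the sample dictionaries.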

Get Cloud Native Security now with the O’Reilly learning platform.