I am an avid follower of AWS Online Tech Talks YouTube channel. It is a useful way to stay up-to-date on new or existing AWS features and services; I find it helpful to refresh and retain knowledge. Recently, I encountered a webinar about AWS S3 security, which triggered me to relook at my S3 policies and settings. I decided to consolidate some S3 security features and properties. In this article, I'll discuss the changes I made, along with some examples and my two cents.
What’s the Incentive?
Typically, in my day-to-day use of S3, security and permissions are not being changed regularly. In most cases, we set the security definitions at the time the S3 bucket is created and then forget about it. We do not bother to revalidate these security settings periodically.