Public exposure of resources is a point of dread for many security practitioners. Public resources are low-hanging fruit for attackers seeking to access sensitive information, manipulate an activity, or even deny the availability of mission-critical resources.
One well-known set of culprits for exposing resources is AWS's built-in mechanisms. While misconfiguring them is a common and legitimate concern for security practitioners charged with protecting AWS environments, we often see another mechanism that may be even more misconfiguration-prone: resource-based policies.