AWS deploys security features to prevent S3 data leaks

Amazon Web Services (AWS) has rolled out new security features to prevent accidental data breaches caused by the misconfiguration of S3 data storage buckets. The company reports that there are four new options, which can be found in the S3-dashboard under “Public settings for this account”.

The four new options allow the account owner to set a default access setting for all S3 buckets on the account. The new settings overwrite all existing or newly created ACLs (access control lists) and bucket-level policies. It is also possible to implement the new setting in S3-buckets that are made from that moment on. The new setting can also be set retroactively.

According to Jeff Barr, Chief Evangelist for AWS, the new settings should work as a master switch, which prevents the account owner or employees from accidentally disclosing S3 buckets and their data due to errors in the app or bucket level that have been programmed into them or caused by a misconfiguration.

In recent years, these errors have been a major problem for AWS users. Several security experts wondered whether Amazon did enough to warn AWS users about the dangers of publishing a S3-bucket or whether it gave them enough options to prevent this from happening. However, in November last year, Amazon began to issue orange warnings next to every S3 bucket that allowed public access. The new functions must respond to the criticism.

DynamoDB

In addition to the new settings, Amazon has also announced major news for DynamoDB, a high-load database engine. From now on all data in DynamoDB’s will be encrypted by default. “You don’t have to make any changes to your code or application to encrypt your data,” says the company. “DynamoDB handles the encryption and decryption of your data transparently and continues to offer the same low latency that you have come to expect.