All Questions
20 questions
0 votes, 1 answer, 91 views
Best practice for storing personal information on AWS that we shouldn't be able to see
We store customer information that we shouldn't have access to, and don't want to inconvenience users by making them lose information if they forget their passwords. Is there a good way to solve this ...
2 votes, 1 answer, 356 views
Since S3 charges by request, couldn't a malicious hacker cause a huge AWS bill just by spamming requests?
What would stop them from doing so, against, say, a static website hosted using S3? Is there a good way to deny some requests such that one avoids getting billed for them?
(Context: I want to host a ...
3 votes, 2 answers, 809 views
Why AWS encryption for EBS and S3 is disabled by default? [closed]
For EBS and S3 encryption (even via the default key from KMS) is disabled by default, as I understood from the documentation, there is no difference to the user if volume/objects is/are encrypted ...
0 votes, 1 answer, 128 views
How can you set up secure Terraform state storage for different infrastructure layers using S3 for backend?
Context
After reading a lot about Terraform and playing with it in minor projects, I'd like to start using it in a real, production environment.
As the environment is mostly in AWS, I'd go for the ...
0 votes, 1 answer, 440 views
Wildfly Cluster w/S3 Ping and IAM Instance Role?
I've successfully managed to deploy a Wildfly cluster in AWS, using the jGroups S3_Ping functionality rather than the normal broadcast method. However, all of the documentation I've seen requires me ...
68 votes, 2 answers, 20k views
Why does AWS recommend against public S3 buckets?
"We highly recommend that you never grant any kind of public access to your S3 bucket."
I have set a very granular public policy (s3:GetObject) for one bucket that I use to host a website. Route53 ...
0 votes, 1 answer, 32 views
Securing CloudFront video on a SaaS platform
I have a few videos which need to be embedded in a SaaS LMS platform. Is there a possibility of making them available only if played from the SaaS platform?
I looked at the Origin Access Identity - they ...
1 vote, 2 answers, 504 views
AWS/S3 - creating a user (through console) to grant r/w bucket perms to for 1 bucket?
I have an Amazon Web Services S3 bucket I want to use with the android data syncing app 'FolderSync'.
Towards that I want to set limited perms on the bucket for a new user.
Within the AWS management ...
0 votes, 1 answer, 100 views
Why are some big corporations still worried about cloud security? [closed]
My company sells an app subscription, which is hosted as SAAS on Amazon Cloud.
I have had a few clients who weren't very keen on uploading their documents to my product because my product is hosted ...
0 votes, 2 answers, 2k views
S3 backup with versioning plus lifecycle management to prevent malicious deletion of backups?
I just want to run this idea by some smarter people to make sure I'm not overlooking something obvious:
I want to back up my Linux server to S3 using one of the many backup scripts that allow ...
1 vote, 0 answers, 7k views
AWS security group egress rules for S3
I manually created a new security group using the AWS CLI.
I created ingress rules that allow incoming connections only from my company's public IP address using the known ports for SSH (22) and ...
1 vote, 1 answer, 2k views
Can I use an IAM role to grant my Heroku app access to my Amazon S3 bucket?
Heroku: Using AWS S3 to Store Static Assets and File Uploads suggests using my AWS security credentials to enable my Heroku app to access my Amazon S3 bucket.
However, isn't it better practice (as ...
11 votes, 3 answers, 14k views
Pricing of Key Pairs and Security Groups on AWS?
My free AWS account expired. I deleted all S3 and EC2 resources, but am wondering if I can leave the Key Pairs and Security Groups without having to pay for them. (My account resources look like this ...
3 votes, 2 answers, 778 views
How to discourage a hacker with root access from deleting remote backups?
I'm currently researching the best backup solution for my CentOS webserver, and I'm thinking of going with either Tarsnap or straight-up Amazon S3.
I am trying to figure out how to discourage a ...
3 votes, 2 answers, 982 views
How can I secure files on S3?
I want to control who can download a file via an app (as if it was held on the local FS). What's the right approach for doing this, considering S3 can't be mounted as a POSIX compliant file system?
0 votes, 1 answer, 394 views
How to securely backup to S3
I am using the excellent s3 tools (http://s3tools.org/s3cmd) to back up files from a Linux based server to S3.
Does anyone know of a good strategy so that I can use this tool to upload to S3 in a way ...
0 votes, 1 answer, 113 views
help me setup a good security policy
I'm running a site on a shared host while image hosting is done on Amazon S3. I've opened a second shared host account for backups. Here's my setup:
A -> site on shared host, pushes images to B (s3 ...
0 votes, 1 answer, 106 views
moved images to amazon s3: security advice
I've recently moved the images from my site to s3. I'm having nightmares about someone getting hold of the access keys, going in and deleting all my buckets.
Please share some s3 security tips and ...
1 vote, 1 answer, 1k views
Preventing Amazon S3 Bandwidth Stealing?
I have an Image Hosting Site that is using Amazon S3 as a main source for bandwidth and storage.
I have a few options here to prevent other sources from stealing my bandwidth, but I am hoping there are ...
5 votes, 2 answers, 4k views
AWS S3 Backup Strategies - How should I approach backing up S3 buckets?
I am in the process of building a web-app with potential for a massive amount of storage requirements which can be satisfied by amazon S3.
My main concern is the usage of API keys on the server, and ...