Collaborate Disseminate
I want to know that whether Amazon S3 Pre-Signed URL is protected from brute force attack.
For example, if I am the only person who knows the Pre-signed URL, is it extremely unlikely that somebody use brute force attack and access to bucke… Continue reading Is the Amazon S3 Pre-Signed URL protected from brute force attack?
As your S3 storage requirements grow, it gets harder to understand exactly what you have, and this especially true when it crosses multiple regions. This could have broad implications for administrators, who are forced to build their own solutions to get that missing visibility. AWS changed that this week when it announced a new product […] Continue reading Amazon S3 Storage Lens gives IT visibility into complex S3 usage
Since the early days of s3cmd I use it in combination with random generated filenames (uuidgen loop) and a complex passphrase (pwgen -n1 -c 32 -y). On security.stackexchange.com search there is only 1 result for s3cmd.
I use Amazon S3 (Gla… Continue reading Can’t Amazon see my files if I use s3cmd/gpg with a complex password?
A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows. Continue reading Google Cloud Buckets Exposed in Rampant Misconfiguration
As a service provider, I allow logged in users to upload documents to a web server, and upload it to S3. The logged in user should subsequently be able to view his own documents, and I want to serve it directly from S3, with some token-ba… Continue reading Making S3 objects viewable only for logged in users
We are trying to make our web app the most cost effective and secure we can.
For that reason we are using Cloudflare instead of CloudFront as a CDN for our frontend resources.
We put CloudFront between Cloudflare and S3 to be able to use F… Continue reading Are public website s3 buckets vulnerable to DDoS attacks?
I have a backup routine via crontab on Ubuntu.
This routine generates a compressed tar.gz file and sends it to AWS S3.
But I want to encrypt these files and be able to decrypt them when necessary on another machine only if I have the priv… Continue reading Encrypt backup files and send them to AWS S3
What security considerations should be taken into account when naming an S3 bucket?
Continue reading Security considerations when naming S3 Buckets
Issue: I have a presigned url which is valid for 15 minutes. Upload can be initiated any number of times if the presigned url is captured in this time frame.
I want to make an S3 presigned url for upload as secure as possible, so that up… Continue reading How to make S3 Presigned url single use only?
AWS provides signed url to objects in bucket.On backend we can connect with AWS and create such signed urls and send to front-endJust discussing this one use case where we use that signed url to make a put request through javascript, there… Continue reading Is it insecure to expose private bucket names through signed URL?