AWS S3 Buckets: Visible endpoint
Although not a literal secret, the Amazon S3 bucket URL should be treated as confidential: stored safely and never hardcoded.
Every bucket or object is potentially reachable from anywhere; with settings that allow public access, a bucket or object is open to the world. This is where the security risk lies.
Even an endpoint that reveals nothing by itself is still part of the network attack surface. A host that looks secure today can be vulnerable tomorrow once an exploit for it is found (often a 0-day).
Social engineering is more effective when the attacker knows an internal detail about your organization, such as an S3 bucket name.
Problem
The AWS S3 bucket endpoint is hardcoded or exposed in configuration files, infrastructure code, or business services.
Fix
Infrastructure
Architecture
- Prefer a 12-factor architecture
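The following is an added example, not code from the original page, covering both the Problem (a hardcoded bucket endpoint in a config file) and the Fix (12-factor style: the bucket name comes from the environment). It contains a small scanner that flags the common S3 endpoint shapes (`s3://`, virtual-hosted and path-style `amazonaws.com` URLs) so the finding can be detected in a repository, and a loader that fails fast when the environment variable is missing. The sample config, the bucket names and the variable name `APP_S3_BUCKET` are constructed for illustration.

```python
"""Detect hardcoded S3 bucket endpoints and load the bucket name from the environment instead.

Added example (not from the original page). The bucket names, file contents and
the environment variable name APP_S3_BUCKET are constructed for illustration.
"""
import os
import re
from typing import Mapping, NamedTuple

# Bucket names are 3-63 characters of lowercase letters, digits, dots and hyphens.
_BUCKET = r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]"

# Endpoint shapes the scanner recognises:
#   s3://bucket/key                                  (CLI / SDK URI)
#   https://bucket.s3.amazonaws.com/key              (virtual-hosted, global)
#   https://bucket.s3.eu-west-1.amazonaws.com/key    (virtual-hosted, regional)
#   https://s3.eu-west-1.amazonaws.com/bucket/key    (path-style)
S3_PATTERNS = (
    re.compile(rf"s3://({_BUCKET})"),
    re.compile(rf"https?://({_BUCKET})\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com"),
    re.compile(rf"https?://s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com/({_BUCKET})"),
)


class Finding(NamedTuple):
    line_no: int      # 1-based line in the scanned text
    bucket: str       # bucket name extracted from the endpoint
    endpoint: str     # the literal endpoint text as it appeared


def find_hardcoded_s3(text: str) -> list[Finding]:
    """Return every S3 endpoint literal found in `text`, one Finding per match."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pattern in S3_PATTERNS:
            for m in pattern.finditer(line):
                findings.append(Finding(line_no, m.group(1), m.group(0)))
    return findings


def bucket_from_env(env: Mapping[str, str] = os.environ,
                    var: str = "APP_S3_BUCKET") -> str:
    """12-factor style: the bucket name comes from the environment, never from code.

    Fails fast when the variable is absent so a misconfigured deployment stops at
    startup instead of silently pointing at a default bucket.
    """
    try:
        bucket = env[var]
    except KeyError:
        raise RuntimeError(f"{var} is not set; refusing to guess a bucket name") from None
    if not re.fullmatch(_BUCKET, bucket):
        raise ValueError(f"{var}={bucket!r} is not a valid S3 bucket name")
    return bucket


# Constructed sample of an application config that mixes hardcoded endpoints
# with one correct, environment-driven lookup on the last line.
SAMPLE_CONFIG = """\
# settings.py (constructed sample)
UPLOAD_URL = "https://acme-customer-uploads.s3.eu-west-1.amazonaws.com/"
BACKUP_URI = "s3://acme-db-backups/nightly/"
LEGACY_URL = "https://s3.amazonaws.com/acme-legacy-exports/2019/"
REPORT_BUCKET = os.environ["APP_S3_BUCKET"]   # what the fix looks like
"""


def scan_sample() -> list[Finding]:
    """Run the scanner over the constructed sample config."""
    return find_hardcoded_s3(SAMPLE_CONFIG)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"line {f.line_no}: hardcoded bucket {f.bucket!r} in {f.endpoint}")
    print("bucket from env:", bucket_from_env({"APP_S3_BUCKET": "acme-reports"}))
```

Run over the sample, the scanner reports lines 2, 3 and 4 and leaves the environment-driven line alone. The same `find_hardcoded_s3` function can be pointed at any text (Terraform, CloudFormation, Dockerfiles, CI configuration) as a pre-commit or pipeline check; the regexes only catch `amazonaws.com` and `s3://` forms, so custom S3 endpoints behind a CDN or a private DNS name need their own pattern.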
See