Re: [MWUG] Digest for manchester-wordpress-user-group@googlegroups.com - 3 updates in 1 topic


Michael Cropper

Jan 14, 2021, 3:29:58 PM
to manchester-word...@googlegroups.com
As Mike says, triple check your settings. Unlike a lot of AWS services that are often protected in a VPC or similar, the way the AWS S3 system as a whole works is that it is nothing more than a glorified key : value store. So if you don't configure your bucket policies correctly you could be exposing data you shouldn't be.

Bearing in mind that the settings are often a mix between the GUI and the YAML policies depending on your use case.

Also keep in mind this may be a phishing email. 

On Thu, 14 Jan 2021, 20:20 , <manchester-word...@googlegroups.com> wrote:
Mike Witt <msg...@gmail.com>: Jan 13 03:55PM -0800

Just a shot in the dark here, but anybody using AWS S3 and recently got an
email starting like this:
 
--------------
Subject: Notification of Amazon S3 buckets configured for public access
We are writing to notify you that you have configured your S3 bucket(s) to
be publicly accessible ...
---------------
 
And it then goes on to list several buckets which (AFAICT) are NOT public
(even though I have some other buckets which are.)
 
I have asked about it on the AWS forum, but no luck there so far. Just
thought I'd give it a try here.
Mike Little <mi...@zed1.com>: Jan 14 12:24PM

I have had similar emails. But in my case the one bucket listed as public
is intentionally public.
 
However, a couple of years ago, when AWS realised that they had been
setting things to default to public (or all the examples they gave did so),
many of my buckets were listed as "potentially" public.
 
And I think that "potentially" is the problem. My interpretation of the
emails (and maybe the linked web page) is that it is possible to set up
buckets so that they require a logged in AWS user. But if you do it wrong
(and I think I did in the early days), ANY logged in AWS user can access
the bucket, which is practically the same as public to the bad folks.
 
So it is worth triple checking your settings.
 
I'm not an AWS expert, and definitely got it wrong when I first started
using S3.
 
I hope that helps.
 
 
--
Stay safe and healthy, best regards,
 
Mike
 
 
 
--
*Mike Little*
*WordPress Specialist*
 
Web: mikelittle.org
Twitter: @mikelittlezed1
LinkedIn: linkedin.com/in/mikelittle
Newsletter: https://mikelittle.org/subscribe
 
Founder and Director
*Zed1.com Limited*
https://zed1.com
Registered in England & Wales, no. 6745562
Mike Witt <msg...@gmail.com>: Jan 14 12:04PM -0700

OK, I think I see what you're saying. It sounds like there are some things I
should check out. Thanks!
 
On 01/14/2021 05:24:22 AM, 'Mike Little' via Manchester WordPress User
Group wrote: