AWS launches new security offering which mitigates S3 misconfigurations – if customers get it right

Amazon Web Services (AWS) has announced extra steps to ensure customers’ S3 buckets don’t become misconfigured – but don’t assume responsibility has been taken away from the customer. The new service, Amazon S3 Block Public Access, can work at the account level, on individual buckets, as well as future buckets created. Users can also block existing public access, or ensure public access is not available for newly created items. The move can be seen as an extension of the various access controls users already have on AWS buckets, through either Access Control Lists (ACL), or identity and access management (IAM) bucket policies. Users will not be charged for this additional usage, aside from usual prices for all requests made to the S3 API. As Jeff Barr, chief evangelist for Amazon Web Services, put it in a blog post explaining the new system: “We want to make sure that you use public buckets and objects as needed, while giving you tools to make sure that you don’t make them publicly accessible due to a simple mistake or misunderstanding.”