Skip to Content

AWS S3 new defaults

Updated on 2022-12-29: AWS S3 new defaults

After a quatrabazillion incidents where customers accidentally left S3 buckets exposed on the internet and leaked their companies’ sensitive data online, the super-geniuses at AWS have finally decided to change the S3 defaults from open to “block public access.” This will become the default policy for all new S3 buckets in April 2023, meaning that if you want the content of your S3 bucket to be publicly accessible, you will have to deploy an ACL rule to make it so. Read more: Advanced Notice: Amazon S3 will automatically enable S3 Block Public Access and disable access control lists for all new buckets starting in April 2023

Overview

Sensitive information of more than 100,000 students was left publicly exposed due to misconfigured AWS S3 buckets belonging to McGraw Hill. These unprotected buckets contained more than 22 TB of data and over 117 million files and were fixed on July 20. Read more: McGraw Hill’s S3 buckets exposed 100,000 students’ grades and personal info

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.