Why You're Getting PWNED on AWS
While AWS may be pretty decent at keeping their security together and not being in the limelight for security incidents, you dear AWS user might not be so lucky.
Over at GitHub there's a great curated list of publicly disclosed security incidents of people running on the cloud.
I did the work for you and went through that list, and it boils down to these three main issues being responsible for 80% of the pwnage.
Common Security Issues
Static Credentials Rule Supreme as Initial Access Vector
Still the main and most popular, after all those years. Yeah I know, even AWS in their docs can't stop talking and talking about IAM users, but just don't do it.
These classics are candidates for Rolling Stone's all-time best security issues: long-lived IAM credentials (read: IAM users),
leaked via
- container layers
- source code repositories
- environment variables
- etc.
Erm ... no. Do not do IAM users, as simple as that. Go ahead and just use AWS IAM Identity Center (AKA SSO) and EC2 instance profiles; there is no reason not to.
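The leak paths listed above (container layers, repositories, environment variables) are all text you can scan before it ships. The scanner below is an added example and not code from the original post; it assumes only that long-lived IAM user access key IDs start with `AKIA` while temporary STS keys start with `ASIA`, and the sample artifacts (and the placeholder key values, which are the ones AWS uses in its own documentation) are constructed here.

```python
"""Scan text artifacts (Dockerfiles, .env files, source) for AWS access keys.

Added example, not from the original post. Long-lived IAM user access key IDs
start with "AKIA"; temporary STS credentials start with "ASIA". An AKIA key in
a repo, image layer or env file is exactly the initial-access vector the post
describes, so the scanner ranks those findings first.
"""
import re
from dataclasses import dataclass

# Access key IDs are 20 characters: a 4-letter prefix plus 16 upper-case alphanumerics.
ACCESS_KEY_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret keys are 40 characters of base64-ish text; only flag them next to a
# label, otherwise random hashes would drown the report in false positives.
SECRET_RE = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})[\"']?"
)


@dataclass
class Finding:
    source: str
    line_no: int
    kind: str   # "long_lived_key_id", "temporary_key_id" or "secret_key"
    value: str  # redacted, never the whole credential


def redact(value: str) -> str:
    """Keep just enough of the value to locate it in the artifact."""
    return value[:4] + "..." + value[-4:]


def scan_text(source: str, text: str) -> list:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            kind = "long_lived_key_id" if m.group(1) == "AKIA" else "temporary_key_id"
            findings.append(Finding(source, line_no, kind, redact(m.group(0))))
        for m in SECRET_RE.finditer(line):
            findings.append(Finding(source, line_no, "secret_key", redact(m.group(1))))
    return findings


def scan_artifacts(artifacts: dict) -> list:
    """Scan several named artifacts (name -> contents); long-lived keys come first."""
    order = {"long_lived_key_id": 0, "secret_key": 1, "temporary_key_id": 2}
    out = []
    for name, text in artifacts.items():
        out.extend(scan_text(name, text))
    return sorted(out, key=lambda f: (order[f.kind], f.source, f.line_no))


# Constructed sample artifacts. The key values are the placeholders AWS uses in
# its own documentation, not real credentials.
SAMPLE_ARTIFACTS = {
    "Dockerfile": (
        "FROM python:3.12-slim\n"
        "ENV AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "ENV AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "COPY . /app\n"
    ),
    "deploy.sh": (
        "#!/bin/sh\n"
        "# temporary creds from `aws sso login`; they expire on their own\n"
        "export AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE\n"
    ),
    "app.py": "import boto3\ns3 = boto3.client('s3')  # picks up the instance profile\n",
}

if __name__ == "__main__":
    for f in scan_artifacts(SAMPLE_ARTIFACTS):
        print(f"{f.source}:{f.line_no}: {f.kind} {f.value}")
```

Run it as a pre-commit hook or against `docker history`/extracted image layers; the `AKIA` hits are the ones to rotate immediately, the `ASIA` hits just tell you someone pasted short-lived SSO output into a file.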
Data Leaks
Still, the evergreen world-readable S3 bucket is by far the most popular way to lose your data.
For the love of everything that is holy, slap S3 Block Public Access on those buckets as much as you can.
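A world-readable bucket is the result of one of three things: Block Public Access not switched on, a bucket policy with `Principal: "*"`, or an ACL granting `AllUsers`. The audit below is an added example, not code from the original post; its input shapes use the real key names from the S3 GetPublicAccessBlock, GetBucketPolicy and GetBucketAcl responses, but the two buckets are constructed so it runs offline.

```python
"""Audit an S3 bucket's public exposure from its Block Public Access settings,
bucket policy and ACL grants.

Added example, not code from the original post. The input shapes mirror what
the S3 GetPublicAccessBlock, GetBucketPolicy and GetBucketAcl calls return (the
key names are the real ones), but the buckets below are constructed so the
audit runs offline; with boto3 you would feed it the live responses instead.
"""
import json
from typing import Optional

# The four Block Public Access switches; a bucket is only safe when all are on.
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
# ACL grantee groups that mean "everyone" or "anyone with any AWS account".
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def is_public_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def audit_bucket(name: str, pab: Optional[dict], policy_json: Optional[str], acl_grants: list) -> list:
    """Return human-readable issues; an empty list means no public exposure found."""
    issues = []
    pab = pab or {}  # no PublicAccessBlock configured behaves like all four off
    off = [k for k in PAB_KEYS if not pab.get(k, False)]
    if off:
        issues.append(f"{name}: Block Public Access incomplete, off: {', '.join(off)}")

    if policy_json:
        for st in json.loads(policy_json).get("Statement", []):
            if st.get("Effect") != "Allow" or not is_public_principal(st.get("Principal")):
                continue
            sid = st.get("Sid", "<no Sid>")
            if "Condition" in st:
                issues.append(f"{name}: policy statement {sid} allows Principal * behind a Condition, review it")
            else:
                issues.append(f"{name}: policy statement {sid} allows Principal * unconditionally")

    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_ACL_GROUPS:
            issues.append(f"{name}: ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    return issues


# Constructed sample buckets: one classic leaky bucket and one locked down.
LEAKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-leaky-bucket/*",
    }],
})
LOCKED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-locked-bucket/*",
    }],
})
SAMPLE_BUCKETS = {
    "example-leaky-bucket": dict(
        pab=None,
        policy_json=LEAKY_POLICY,
        acl_grants=[{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                     "Permission": "READ"}],
    ),
    "example-locked-bucket": dict(
        pab={k: True for k in PAB_KEYS},
        policy_json=LOCKED_POLICY,
        acl_grants=[{"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
                     "Permission": "FULL_CONTROL"}],
    ),
}


def audit_all(buckets: dict) -> dict:
    """Map bucket name -> list of issues."""
    return {name: audit_bucket(name, **cfg) for name, cfg in buckets.items()}


if __name__ == "__main__":
    for name, issues in audit_all(SAMPLE_BUCKETS).items():
        print(name, "OK" if not issues else "")
        for i in issues:
            print("  -", i)
```

The locked-down bucket passes even though it has a bucket policy, because the policy names a specific role; Block Public Access on top of that means a future "Principal: *" statement would be rejected at PutBucketPolicy time rather than silently exposing the data.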
Server Side Request Forgery
Yeah, AWS surely played a good part in this one as well, with IMDSv1 not using any sort of authentication or expiry for EC2 instance metadata.
Please do yourself a favour and switch to IMDSv2.
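IMDSv2 closes the SSRF hole by requiring a session token that is only handed out in response to a PUT, and the EC2 `MetadataOptions` of each instance tell you whether IMDSv1 is still accepted. The code below is an added example, not from the original post: `imds_findings()` audits DescribeInstances-shaped records (the `MetadataOptions` keys `HttpTokens`, `HttpPutResponseHopLimit` and `HttpEndpoint` are the real field names; the instance records themselves are constructed), and `fetch_metadata_v2()` is the token exchange itself, which only returns data when run on an EC2 instance.

```python
"""Flag EC2 instances that still allow IMDSv1, and show the IMDSv2 token exchange.

Added example, not code from the original post. The instance records below are
constructed to look like EC2 DescribeInstances output (MetadataOptions and its
keys HttpTokens, HttpPutResponseHopLimit and HttpEndpoint are the real field
names); in practice you would pass boto3's describe_instances()["Reservations"].
"""
import urllib.request

IMDS_BASE = "http://169.254.169.254"


def fetch_metadata_v2(path: str, base_url: str = IMDS_BASE, ttl_seconds: int = 300) -> str:
    """IMDSv2: PUT for a session token first, then present it on every GET.
    With HttpTokens=required a token-less GET (the IMDSv1 pattern) is refused."""
    token_req = urllib.request.Request(
        f"{base_url}/latest/api/token",
        method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)},
    )
    with urllib.request.urlopen(token_req, timeout=2) as resp:
        token = resp.read().decode()
    data_req = urllib.request.Request(
        f"{base_url}/latest/meta-data/{path.lstrip('/')}",
        headers={"X-aws-ec2-metadata-token": token},
    )
    with urllib.request.urlopen(data_req, timeout=2) as resp:
        return resp.read().decode()


def imds_findings(instance: dict) -> list:
    """Return the IMDS weaknesses of one instance record; an empty list means fine."""
    opts = instance.get("MetadataOptions", {})
    iid = instance.get("InstanceId", "<unknown>")
    findings = []
    if opts.get("HttpEndpoint", "enabled") == "disabled":
        return findings  # metadata service switched off entirely, nothing to reach
    # An attached instance profile is what turns an SSRF into usable AWS credentials.
    severity = "HIGH" if instance.get("IamInstanceProfile") else "MEDIUM"
    if opts.get("HttpTokens", "optional") != "required":
        findings.append(f"{iid}: {severity} IMDSv1 allowed (HttpTokens=optional)")
    hops = opts.get("HttpPutResponseHopLimit", 1)
    if hops > 1:
        findings.append(f"{iid}: LOW HttpPutResponseHopLimit={hops}, token response can reach containers on the instance")
    return findings


def audit_reservations(reservations: list) -> list:
    out = []
    for r in reservations:
        for inst in r.get("Instances", []):
            out.extend(imds_findings(inst))
    return out


# Constructed sample, shaped like describe_instances()["Reservations"].
SAMPLE_RESERVATIONS = [{
    "Instances": [
        {   # legacy web box: IMDSv1 on, role attached, hop limit raised for Docker
            "InstanceId": "i-EXAMPLE-legacy",
            "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/web"},
            "MetadataOptions": {"HttpTokens": "optional", "HttpPutResponseHopLimit": 2, "HttpEndpoint": "enabled"},
        },
        {   # hardened: IMDSv2 only, hop limit 1
            "InstanceId": "i-EXAMPLE-hardened",
            "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/web"},
            "MetadataOptions": {"HttpTokens": "required", "HttpPutResponseHopLimit": 1, "HttpEndpoint": "enabled"},
        },
        {   # metadata endpoint disabled altogether
            "InstanceId": "i-EXAMPLE-nometa",
            "MetadataOptions": {"HttpTokens": "optional", "HttpPutResponseHopLimit": 1, "HttpEndpoint": "disabled"},
        },
    ],
}]


if __name__ == "__main__":
    for line in audit_reservations(SAMPLE_RESERVATIONS):
        print(line)
```

Fixing a flagged instance is one call: `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`; bake `HttpTokens: required` into your launch templates so new instances never regress.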
Written by
Grumpy Platform Engineer
Building IT infra for 20+ years. Cloud foundations: security, networking, governance, scalability, ops, automation.