
txase | 4 years ago

:wave: I'm the author of the post! Anyone have any IAM horror stories of their own? Or examples of amazing IAM policies that really show their power?

ryancoleman | 4 years ago

I continue to be surprised by the so-called "S3 Bucket Negligence Award", which feels like the intersection of IAM and S3 configuration ugliness that results in so many public horror stories like:

- https://www.upguard.com/breaches/attunity-data-leak
- https://www.lastweekinaws.com/newsletter/reinforce-meant-lea...

txase | 4 years ago

It's hard to get it right, though that's not to shift blame away from those who spilled info about others because they couldn't figure out how to lock buckets and objects down.

One way is to scaffold in bucket policies that ensure data is always: encrypted at rest, encrypted in transit, and locked down so objects can't be public. People can override these if needed, but because these settings are the default, most people don't know about them or know how to set them up.

At Stackery we always scaffold in S3 Buckets with these settings in place, while giving you the ability to check boxes to turn on website hosting or allow contents to be publicly available. That helps ensure people configure things right the first time and every time!
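The three guards described in the comment above (encrypted in transit, encrypted at rest, no public objects), as an added example that is not Stackery's scaffold or any code from the thread: it builds a bucket policy with one `Deny` statement per guard and includes a small auditor that reports which guards a given policy lacks. The bucket name is a placeholder, and the condition keys used (`aws:SecureTransport`, `s3:x-amz-server-side-encryption`, `s3:x-amz-acl`) are standard S3 policy keys.

```python
import json

BUCKET_ARN = "arn:aws:s3:::example-bucket"  # placeholder bucket name

# Guard name -> (condition operator, condition key, expected value or None for any)
REQUIRED_GUARDS = {
    "transport": ("Bool", "aws:SecureTransport", "false"),
    "at_rest": ("Null", "s3:x-amz-server-side-encryption", "true"),
    "public_acl": ("StringEquals", "s3:x-amz-acl", None),
}

def build_bucket_policy(bucket_arn: str) -> dict:
    """Return a bucket policy that denies plaintext transport, unencrypted
    uploads and public canned ACLs. Deny statements win over any Allow."""
    objects = f"{bucket_arn}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # encrypted in transit: refuse any request made over plain HTTP
                "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
                "Action": "s3:*", "Resource": [bucket_arn, objects],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # encrypted at rest: refuse PutObject calls that omit the SSE header
                "Sid": "DenyUnencryptedUpload", "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": objects,
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
            {   # not public: refuse objects written or re-ACLed with a public canned ACL
                "Sid": "DenyPublicAcl", "Effect": "Deny", "Principal": "*",
                "Action": ["s3:PutObject", "s3:PutObjectAcl"], "Resource": objects,
                "Condition": {"StringEquals": {"s3:x-amz-acl": [
                    "public-read", "public-read-write", "authenticated-read"]}},
            },
        ],
    }

def missing_guards(policy: dict) -> list:
    """Audit a policy dict: return the names of required guards it does not enforce."""
    found = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") != "*":
            continue
        for name, (op, key, expected) in REQUIRED_GUARDS.items():
            cond = stmt.get("Condition", {}).get(op, {})
            if key in cond and (expected is None or cond[key] == expected):
                found.add(name)
    return sorted(set(REQUIRED_GUARDS) - found)

if __name__ == "__main__":
    policy = build_bucket_policy(BUCKET_ARN)
    print(json.dumps(policy, indent=2))
    print("missing guards:", missing_guards(policy))  # prints []
```

The policy only covers requests to this bucket; pairing it with the account- or bucket-level Block Public Access settings is what keeps someone from re-opening the bucket through a later policy or ACL change.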