Amazon S3 (Simple Storage Service) is an object storage service. It stores files (objects) in buckets. By default, all buckets are private. So why do so many leak? Because developers intentionally make them public to host images/websites, but unintentionally expose sensitive backups in the same bucket.

How to Find Leaky Buckets

Hackers use tools like `grayhatwarfare` or `bucket-finder`.
They check whether a company uses S3 by guessing bucket names: `company-backups`, `company-images`.
If they visit `http://company-backups.s3.amazonaws.com` and get back an XML listing of every object in the bucket... that bucket is publicly listable, and everything in it is exposed.

1. Block Public Access (BPA)

AWS introduced "Block Public Access" (BPA) as a master switch at the Account Level.
Turn this ON.
It overrides any individual bucket policy or ACL that might accidentally grant public access.
If you need to host public images, put them in a dedicated bucket and ONLY turn off BPA for that specific bucket. Never mix private and public data in the same bucket.

2. Bucket Policies vs ACLs

S3 has two ways to control access. This is confusing.
- ACL (Legacy): Old way. "Grant Read to Everyone". Avoid using ACLs.
- Bucket Policy (JSON): Modern way. Powerful IAM-style rules. "Allow Read IF User-Agent is X". Use this.
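The following is an added example, not AWS code and not part of the original article, serving both the BPA section above and the ACL-versus-policy comparison. It models offline how the four BPA settings interact with a bucket's ACL grants and its bucket policy: `IgnorePublicAcls` and `RestrictPublicBuckets` neutralise public grants that already exist, while `BlockPublicAcls` and `BlockPublicPolicy` reject new ones at PUT time. The "public statement" test is a simplified subset of the rule AWS applies (a wildcard principal with none of a short list of scoping condition keys); the bucket names, policies, ACL grants and the account ID are constructed for the demonstration. Note that `aws:UserAgent`, the condition the article uses as its illustration, is deliberately absent from the scoping list: a client can send any User-Agent it likes, so AWS does not treat it as restricting a wildcard principal, and neither does this model.

```python
import json

# Grantee URIs that make an ACL grant public
PUBLIC_ACL_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Condition keys that scope a "*" principal to a known party; a statement
# carrying one is not counted as public. Subset of AWS's list (assumption).
NON_PUBLIC_CONDITION_KEYS = {
    "aws:PrincipalOrgID", "aws:PrincipalAccount", "aws:PrincipalArn",
    "aws:SourceVpc", "aws:SourceVpce", "aws:SourceArn",
}


def statement_is_public(stmt):
    """True if an Allow statement names a wildcard principal and carries no
    condition that pins the caller down. aws:UserAgent is deliberately not in
    the list: any client can send any User-Agent, so it restricts nothing."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal")
    wildcard = principal == "*" or (
        isinstance(principal, dict) and principal.get("AWS") == "*")
    if not wildcard:
        return False
    keys = set()
    for operator_block in stmt.get("Condition", {}).values():
        keys.update(operator_block.keys())
    return not (keys & NON_PUBLIC_CONDITION_KEYS)


def policy_is_public(policy):
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    return any(statement_is_public(s) for s in stmts)


def acl_is_public(grants):
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_ACL_GRANTEES
               for g in grants)


def put_bucket_policy_allowed(bpa, policy):
    """PUT-time check: BlockPublicPolicy rejects a new public policy."""
    return not (bpa.get("BlockPublicPolicy") and policy_is_public(policy))


def put_acl_allowed(bpa, grants):
    """PUT-time check: BlockPublicAcls rejects a new public ACL."""
    return not (bpa.get("BlockPublicAcls") and acl_is_public(grants))


def effective_exposure(bpa, policy, grants):
    """Is the bucket reachable anonymously right now? IgnorePublicAcls
    neutralises an existing public ACL; RestrictPublicBuckets neutralises an
    existing public policy. Simplified model of the BPA semantics."""
    via_acl = acl_is_public(grants) and not bpa.get("IgnorePublicAcls")
    via_policy = policy_is_public(policy) and not bpa.get("RestrictPublicBuckets")
    return {"acl": via_acl, "policy": via_policy, "public": via_acl or via_policy}


# ---- constructed sample data (bucket names and account ID are placeholders) ----
BPA_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
BPA_OFF = {k: False for k in BPA_ON}
# Weak: wildcard principal "protected" only by a spoofable User-Agent check
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::company-backups/*",
                 "Condition": {"StringEquals": {"aws:UserAgent": "BackupAgent/1.0"}}}]
}""")
# Hardened: only one named role may read; no wildcard principal at all
PRIVATE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-reader"},
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::company-backups/*"}]
}""")
# Intentionally public website bucket: wildcard read, no condition
WEB_POLICY = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Principal": "*",
                             "Action": "s3:GetObject",
                             "Resource": "arn:aws:s3:::company-images/*"}]}
# Legacy ACL grant: "Grant Read to Everyone"
LEGACY_ACL = [{"Grantee": {"Type": "Group",
                           "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}]
SAMPLE_BUCKETS = {
    "company-backups":        (BPA_OFF, WEAK_POLICY, []),
    "company-backups-bpa-on": (BPA_ON, WEAK_POLICY, []),
    "company-backups-fixed":  (BPA_ON, PRIVATE_POLICY, []),
    "company-images":         (BPA_OFF, WEB_POLICY, []),
    "company-legacy-acl":     (BPA_OFF, {}, LEGACY_ACL),
}


def audit_samples():
    """Map each sample bucket name to whether it is effectively public."""
    return {name: effective_exposure(*cfg)["public"]
            for name, cfg in SAMPLE_BUCKETS.items()}


if __name__ == "__main__":
    for name, public in audit_samples().items():
        print(f"{name:24} {'PUBLIC' if public else 'private'}")
```

Running the block prints one line per sample bucket: the User-Agent-conditioned backup bucket with BPA off reports PUBLIC, the same policy under BPA reports private because `RestrictPublicBuckets` ignores it (and `put_bucket_policy_allowed` shows the policy could not have been written in the first place), the named-role policy is private either way, and the legacy ACL grant is public until `IgnorePublicAcls` is on. One practical caveat for the dedicated public bucket: the account-level BPA switch, when on, applies to every bucket in the account, so a public website bucket needs the account-level setting relaxed and bucket-level BPA enabled on every other bucket.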