Member-only story
Is Your Website Hosted In An S3 Bucket Misconfigured?
A common mistake you’ll want to avoid that was in the code I got back from Amazon Q
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ A series on Security Automation. The Code.
🔒 Related Stories: Cybersecurity | Penetration Tests | AI
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the last few posts I wrote some code to deploy a public static website in an S3 bucket. The configuration includes CloudFront and a TLS Certificate.
The related posts for how I developed the website are all listed in this blog post on AI research and programming with AI:
In this post I’m going to explain a common security misconfiguration that people make when implementing websites in S3 buckets. I used to have a lab covering this topic when I taught cloud security classes that basically showed people how to implement the code I wrote in that series to prevent this misconfiguration.
