Waf Charm

AWS for beginners

S3 security pitfalls

【Table of contents】

  1. Introduction
  2. Basics of S3 security
  3. Pitfalls of S3 security from the perspective of use cases
  4. Conclusion

  • 1. Introduction

    Before discussing the security pitfalls of S3, let's briefly describe what S3 is.

    • a) What is S3?

      S3 (Simple Storage Service) is an AWS storage service. It can be used for a variety of purposes: not only as a storage destination for data such as logs, but also as a distribution source for content such as video. Its four main characteristics are the following.

      ・High robustness
      When data is stored on S3, it is copied to three data centers at the same time so that the data is not lost. The durability of the data is specified as 99.999999999% (eleven nines), so data stored in S3 will not be corrupted unless there is a very serious problem. In addition, the availability is 99.99%, which is also very high.
       
      ・Unlimited capacity
      There is no limit to the amount of data or the number of files that can be placed on S3, so you can store as much data as you can pay for. There is, however, a limit on the size of each file: 5 TB per file.

      ・Cheap
      At a cost of about 3 yen per GB (0.025 USD/GB in the Tokyo Region as of November 2019), you get highly robust storage with unlimited capacity. There is also no charge for data transfer into S3.

      ・Plenty of options
      For long-term storage, the Glacier and Glacier Deep Archive options are available. You can also choose the storage type that best suits your data, such as low-redundancy storage for non-critical data.
       

  • 2. Basics of S3 security

    This section describes the security of S3. As mentioned above, in terms of integrity and availability, S3 is at first glance more than adequate storage. On top of that, you can use the encryption and access control functions provided by S3 to achieve strong security.

    • a) Access control method

      There are three access control methods in S3.
       ・IAM
       ・Bucket Policy
       ・Bucket ACL
       Each has the following characteristics.
       

      Method         Features
      IAM            Controls access to the entire S3 service. For example, permission to create and delete buckets can be granted, and fine-grained access control can be configured in a JSON policy document.
      Bucket policy  Controls access to a bucket for IAM users and AWS accounts; fine-grained access control can be configured in a JSON policy document.
      Bucket ACL     Controls access to a bucket for AWS accounts through a simple GUI. You can also set whether or not the S3 content is published on the Internet.

       
      The strength of permissions is IAM > Bucket Policy > Bucket ACL.
      For example, an operation that is allowed by a bucket policy is not possible if it is forbidden by IAM.
       

    • b) Encryption method

      This section describes how data placed in S3 is encrypted. There are four encryption methods.
       ・SSE-S3
       ・SSE-KMS
       ・SSE-C
       ・CSE
      SSE stands for "Server Side Encryption", meaning that encryption is performed on the server side.
      CSE stands for "Client Side Encryption", meaning that the client performs the encryption. The methods differ in who manages the encryption key. Let's take a look at their characteristics.
       

      Method   Encryption location   Key management   Features
      SSE-S3   Server side           S3               Free to use. Keys are managed by AWS, so it is easy to operate.
      SSE-KMS  Server side           KMS              KMS incurs an additional charge, but because encryption and decryption go through the KMS API, the operations are easy to keep in logs.
      SSE-C    Server side           User + S3        The user sends the key to S3 with the request and S3 encrypts the data with it, but because the key itself is not stored in S3, the user must manage the key.
      CSE      Client side           User             Files are encrypted by the user before being placed in S3.
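      The access control methods of a) and the encryption methods of b) meet in the bucket policy. The following is an added example for this article, not code from WafCharm or AWS: it builds a least-privilege bucket policy for a bucket shared with one application (a single IAM role may read objects, uploads must use SSE-KMS, plain HTTP is refused) and includes a small checker that flags Allow statements open to everyone, the setting that publishes a bucket on the Internet. The bucket name, account id and role name are constructed placeholders; `s3:x-amz-server-side-encryption` and `aws:SecureTransport` are documented AWS condition keys.

```python
"""Least-privilege S3 bucket policy with a small checker.

Added example for this article, not WafCharm or AWS code. BUCKET and
SHARING_PRINCIPAL are constructed placeholders.
"""
import json

BUCKET = "example-app-bucket"  # constructed placeholder
# Constructed placeholder: the one IAM role the files are shared with.
SHARING_PRINCIPAL = "arn:aws:iam::111111111111:role/AppReaderRole"


def build_bucket_policy(bucket: str, principal_arn: str) -> dict:
    """Bucket policy that (1) lets one IAM role read objects, (2) denies
    uploads not encrypted with SSE-KMS, (3) denies requests not made over
    TLS. An explicit Deny wins over any Allow, so (2) and (3) hold even if
    an IAM policy elsewhere grants the action."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    objects_arn = f"{bucket_arn}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowSharedRoleRead",
                "Effect": "Allow",
                "Principal": {"AWS": principal_arn},
                "Action": ["s3:GetObject"],
                "Resource": objects_arn,
            },
            {   # PutObject whose encryption header names anything but SSE-KMS
                "Sid": "DenyNonKmsUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects_arn,
                "Condition": {
                    "StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}
                },
            },
            {   # PutObject that sends no encryption header at all
                "Sid": "DenyUploadsWithoutEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": objects_arn,
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [bucket_arn, objects_arn],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


def _is_everyone(principal) -> bool:
    """True when a statement's Principal means anyone on the Internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _actions(stmt: dict) -> list:
    action = stmt.get("Action", [])
    return [action] if isinstance(action, str) else list(action)


def public_allow_sids(policy: dict) -> list:
    """Sids of Allow statements open to everyone: the setting that publishes
    bucket content on the Internet, usually by mistake."""
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in policy.get("Statement", [])
        if stmt.get("Effect") == "Allow" and _is_everyone(stmt.get("Principal"))
    ]


def requires_kms_uploads(policy: dict) -> bool:
    """True when a Deny statement rejects PutObject without SSE-KMS."""
    for stmt in policy.get("Statement", []):
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if (stmt.get("Effect") == "Deny"
                and cond.get("s3:x-amz-server-side-encryption") == "aws:kms"
                and ({"s3:PutObject", "s3:*"} & set(_actions(stmt)))):
            return True
    return False
```

      To inspect the result, call `json.dumps(build_bucket_policy(BUCKET, SHARING_PRINCIPAL), indent=2)`; `public_allow_sids` run over an existing bucket's policy (for example the output of `aws s3api get-bucket-policy`) returns an empty list when nothing is exposed to everyone.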

     

  • 3. Pitfalls of S3 security from the perspective of use cases

    S3 is mainly used as a destination for file sharing, as storage for data such as logs, source code and backups, and as a content distribution source. With the basic S3 access control methods in mind, let's look at the security pitfalls when S3 is used as a file-sharing destination, a data storage destination and a content delivery source.

    • a) As a file sharing destination

      This section explains the security pitfalls of S3 when files are placed there for use by applications. When using S3 as a file-sharing destination, you need to consider the detailed permissions and the access method for each application and AWS account you share with. For example, if an IAM user is assigned to the sharing destination and access is made with that IAM user's access key and secret key, a leak of the access key to the outside opens the possibility of unauthorized access.
       

    • b) As a data storage destination

      This section explains the security pitfalls of S3 when using it as a data storage destination. You need to sort out whether the data you store must be retrievable at any time, and choose the S3 option that suits that requirement. For example, retrieving data from S3 Glacier takes a long time, so if you use S3 Glacier for disaster backups, data recovery will be delayed and system availability will suffer significantly. Conversely, if you use the low-redundancy storage option for critical data, the integrity of the data will be compromised in an emergency.
       

    • c) As a content distribution source

      Here are some security pitfalls when using S3 as a content distribution source, like a web server. If you use it this way, monitor it well to make sure content is being delivered correctly. S3 has a limit on the number of requests per second: if more than 5500 requests per second arrive, for example during a DDoS attack, the upper limit is reached and the availability of the content source is compromised. Therefore, monitor the number of requests and, where necessary, put CloudFront in front of S3 so that you do not reach the request limit.

      Also, if you use SSE-KMS to encrypt the contents of S3, you need to be even more careful, because KMS encryption and decryption calls also have an upper limit on the number of requests per second.

      You can use CloudWatch or CloudTrail as a monitoring method for S3.
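      Sections a) and c) above come down to two things a defender can read out of CloudTrail: an access key being used from an address nobody expects, and the request rate on a bucket approaching the per-second limit. The following is an added example for this article, not WafCharm's code: it parses constructed CloudTrail-style records (the field names follow the CloudTrail event format; the IP addresses, access key id, bucket and object keys are placeholders) and flags both conditions. The allow-list of known source addresses is an assumption, and the 5500 requests/second limit is the figure from the text.

```python
"""Spotting two S3 pitfalls in CloudTrail-style records.

Added example for this article, not WafCharm code. The records below are
constructed; field names follow the CloudTrail event format, while the IP
addresses, access key id, bucket and object keys are placeholders.
"""
import json
from collections import Counter

# Constructed sample: one IAM user's access key, used four times from the
# expected partner address and once from an address nobody recognises.
SAMPLE_LOG = """{"Records": [
 {"eventTime": "2019-11-01T10:00:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000001"},
  "requestParameters": {"bucketName": "example-app-bucket", "key": "reports/a.csv"}},
 {"eventTime": "2019-11-01T10:00:01Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000001"},
  "requestParameters": {"bucketName": "example-app-bucket", "key": "reports/b.csv"}},
 {"eventTime": "2019-11-01T10:00:01Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000001"},
  "requestParameters": {"bucketName": "example-app-bucket", "key": "reports/c.csv"}},
 {"eventTime": "2019-11-01T10:00:01Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
  "sourceIPAddress": "198.51.100.7", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000001"},
  "requestParameters": {"bucketName": "example-app-bucket", "key": "reports/a.csv"}},
 {"eventTime": "2019-11-01T10:00:02Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject",
  "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEKEY000001"},
  "requestParameters": {"bucketName": "example-app-bucket", "key": "reports/d.csv"}}
]}"""

KNOWN_SOURCES = {"203.0.113.10"}  # assumption: the sharing partner's egress address
REQUEST_LIMIT_PER_SECOND = 5500   # per-second request limit cited in the article


def parse_events(raw: str) -> list:
    """Accept either a CloudTrail file ({"Records": [...]}) or a bare list."""
    data = json.loads(raw)
    return data["Records"] if isinstance(data, dict) else data


def key_use_from_unknown_sources(events, known_sources) -> list:
    """(accessKeyId, sourceIPAddress) pairs where a key was used from an
    address outside the allow-list: the first visible sign of a leaked key."""
    seen = set()
    for ev in events:
        key_id = (ev.get("userIdentity") or {}).get("accessKeyId")
        src = ev.get("sourceIPAddress")
        if key_id and src and src not in known_sources:
            seen.add((key_id, src))
    return sorted(seen)


def requests_per_second(events) -> Counter:
    """Count S3 requests per (bucket, second); eventTime has second resolution."""
    counts = Counter()
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        bucket = (ev.get("requestParameters") or {}).get("bucketName", "<unknown>")
        counts[(bucket, ev["eventTime"])] += 1
    return counts


def seconds_over_limit(events, limit=REQUEST_LIMIT_PER_SECOND) -> list:
    """(bucket, second, count) for every second whose request count exceeds limit."""
    return sorted(
        (bucket, second, n)
        for (bucket, second), n in requests_per_second(events).items()
        if n > limit
    )
```

      On the sample, `key_use_from_unknown_sources(parse_events(SAMPLE_LOG), KNOWN_SOURCES)` returns the one key/address pair to investigate, while `seconds_over_limit` stays empty at the real 5500 limit; lowering the limit to 2 shows the busiest second being flagged. Production use would feed it the delivered CloudTrail files rather than an inline string, and S3 data events must be enabled in the trail for GetObject/PutObject to appear at all.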
       

  • 4. Conclusion

    Be clear about the S3 options, access permissions and purpose of use, and put detailed security measures in place. Otherwise, the basics of security - "confidentiality, integrity and availability" - may be compromised. Once configured, it is also important to monitor with CloudTrail or CloudWatch.