Is open-source infrastructure safe?

Question

My AWS infrastructure is publicly available here. Is this a security concern?

I was prompted to ask this following the Capital One breach and after learning about https://opensourceinfra.org/

Please be nice and don't hack me if it is indeed insecure. I did my best in reviewing the repo for security breaches. I'm just posting this here for the sake of public knowledge and public good.

This question was originally posted on stackoverflow.com. A user replied saying that EC2 instance ID and VPC-related info are sensitive, but I found this post saying it's safe to share EC2 instance IDs.

Answer 1

It’s really difficult when someone says “is it secure?”. Because the answer will almost certainly be “from what?”.

You need to benchmark your security risk appetite, and from there look at what threats and vulnerabilities exist. Work out what you’re willing to accept, then mitigate the rest through different controls.

I know it’s not what you are looking for, but it’s really the only way to answer “is it secure?”

Note: I see the questions been reformatted since I posted this. Leaving it here for fullness

Answer 2

This holds true for all of the code, configurations publicly available, whether it be in Tutorials, Guides, Github repos etc.

Everything needs to be taken with a bit of salt, always verify what you are getting make sure you know how it works. Don't just go out there and copy-paste stuff without knowing what it is and it does.

EC2 instance ID's is a tricky bit, you shouldn't throw them away, if possible, but keep in mind this doesn't decrease risk or increase security in any way. It's security by obscurity.