Amazon Web Services (AWS) is a set of cloud services offered by Amazon.
Questions tagged [aws]
276 questions
8 votes, 2 answers
Is open-source infrastructure safe?
My AWS infrastructure is publicly available here.
Is this a security concern?
I was prompted to ask this following the Capital One breach and after learning about https://opensourceinfra.org/
Please be nice and don't hack me if it is indeed…
Shadi (rep 181, badges 3)
6 votes, 0 answers
What does a POST like 0x%5B%5D=somename try to achieve?
We created a default environment on AWS Elastic Beanstalk using their Python "sample app". After some time, the logs show a large number of POST requests with bodies like…
djvg (rep 473, badges 5/11)
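Added example, not part of the question above: the body quoted there, `0x%5B%5D=somename`, URL-decodes to a form field named `0x[]`, which no application defines, so the simplest triage is to decode POST bodies and compare the field names against the fields the app actually accepts. The sample bodies, the `hello_app` placeholder and the field allowlist are constructed for this example; what the scanner behind such requests is probing for is not something the post establishes, so the code only classifies and rejects.

```python
"""Decode form POST bodies and reject fields the application never defined.

Added example; the sample bodies and the hello_app WSGI app are constructed.
"""
from __future__ import annotations

import io
from urllib.parse import parse_qs

# Constructed sample bodies: the first has the shape quoted in the post.
SAMPLE_BODIES = [
    "0x%5B%5D=somename",                 # decodes to 0x[]=somename
    "name=alice&email=alice%40example.com",
    "name=bob&%24var=1",                 # decodes to $var=1
]


def decoded_fields(raw_body: str) -> dict[str, list[str]]:
    """URL-decode an application/x-www-form-urlencoded body into field -> values."""
    return parse_qs(raw_body, keep_blank_values=True)


def unexpected_fields(raw_body: str, allowed: frozenset[str]) -> list[str]:
    """Decoded field names the application does not define (sorted for stable output).

    A sample app with no forms passes an empty allowlist, so every field is noise."""
    return sorted(f for f in decoded_fields(raw_body) if f not in allowed)


class RejectUnexpectedFields:
    """WSGI middleware: answer 400 to form POSTs carrying undefined fields.

    Rejected requests are kept in self.rejected as (remote_addr, fields) so
    they can be fed to whatever log pipeline is in use."""

    def __init__(self, app, allowed):
        self.app = app
        self.allowed = frozenset(allowed)
        self.rejected: list[tuple[str | None, list[str]]] = []

    def __call__(self, environ, start_response):
        ctype = environ.get("CONTENT_TYPE", "")
        if (environ.get("REQUEST_METHOD") == "POST"
                and ctype.startswith("application/x-www-form-urlencoded")):
            length = int(environ.get("CONTENT_LENGTH") or 0)
            raw = environ["wsgi.input"].read(length)
            environ["wsgi.input"] = io.BytesIO(raw)  # let the app re-read the body
            bad = unexpected_fields(raw.decode("latin-1"), self.allowed)
            if bad:
                self.rejected.append((environ.get("REMOTE_ADDR"), bad))
                start_response("400 Bad Request", [("Content-Type", "text/plain")])
                return [b"unexpected form field\n"]
        return self.app(environ, start_response)


def hello_app(environ, start_response):
    """Placeholder application standing in for the Beanstalk sample app."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]


def simulate_post(app, body: bytes, remote_addr: str = "198.51.100.7") -> str:
    """Drive a WSGI app with one form POST (no network) and return the status line."""
    status = {}

    def start_response(line, headers, exc_info=None):
        status["line"] = line

    environ = {
        "REQUEST_METHOD": "POST",
        "CONTENT_TYPE": "application/x-www-form-urlencoded",
        "CONTENT_LENGTH": str(len(body)),
        "REMOTE_ADDR": remote_addr,
        "wsgi.input": io.BytesIO(body),
    }
    list(app(environ, start_response))
    return status["line"]


# Classification of the constructed bodies against an app that defines no fields.
PROBE_REPORT = {body: unexpected_fields(body, frozenset()) for body in SAMPLE_BODIES}

if __name__ == "__main__":
    for body, fields in PROBE_REPORT.items():
        print(f"{body!r:45} -> unexpected fields {fields}")
```

Wrapping the real application is one line, `application = RejectUnexpectedFields(application, {"name", "email"})`, and the 400s give the access log a status code to alert on instead of a body that the log never records.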
5 votes, 2 answers
Differences between the Root user and users with AdministratorAccess in AWS
I am trying to determine the differences (if any) between using the AWS Root user, or a user within the AdministratorAccess group in AWS. The AdministratorAccess is given the following privileges:
{
"Version": "2012-10-17",
"Statement": [
…
sommr (rep 53, badges 1/3)
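Added example, not part of the question above: the AdministratorAccess managed policy is exactly one statement, `Allow` `Action: "*"` on `Resource: "*"`, and the code below recognises that shape. The practical difference the question asks about is that the root user is not subject to IAM policies at all and can do account-level things no IAM principal can (close the account, change the root e-mail and password, recover IAM user permissions), so the check that matters is whether root still carries credentials that could be stolen. `root_findings` reads the `SummaryMap` returned by `iam:GetAccountSummary`; the `SAMPLE_SUMMARY` values are constructed, and the `main` function that calls boto3 is an assumption about how the check would be run against a real account.

```python
"""Recognise the AdministratorAccess policy shape and check root-user credential hygiene.

Added example; SAMPLE_SUMMARY is constructed data in the shape of
iam:GetAccountSummary's SummaryMap.
"""
from __future__ import annotations

# The AWS managed AdministratorAccess policy document.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value) -> list:
    return [value] if isinstance(value, str) else list(value or [])


def is_full_admin(policy_document: dict) -> bool:
    """True if an unconditional Allow statement grants Action "*" on Resource "*"."""
    statements = policy_document.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if "*" in _as_list(stmt.get("Action")) and "*" in _as_list(stmt.get("Resource")):
            return True
    return False


def root_findings(summary: dict) -> list[str]:
    """Root-user hygiene findings from an iam:GetAccountSummary SummaryMap.

    Root cannot be constrained by IAM policy, so the only defence is to leave it
    with no long-lived credentials and an MFA device."""
    findings = []
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append("root user has no MFA device")
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root user has long-lived access keys")
    if summary.get("AccountSigningCertificatesPresent", 0) != 0:
        findings.append("root user has X.509 signing certificates")
    return findings


# Constructed sample: MFA off, one root access key present.
SAMPLE_SUMMARY = {
    "AccountMFAEnabled": 0,
    "AccountAccessKeysPresent": 1,
    "AccountSigningCertificatesPresent": 0,
    "Users": 4,
}


def main() -> None:
    """Assumed usage against a real account (needs boto3 and credentials)."""
    import boto3

    summary = boto3.client("iam").get_account_summary()["SummaryMap"]
    for finding in root_findings(summary) or ["root user hygiene: OK"]:
        print(finding)


if __name__ == "__main__":
    main()
```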
5 votes, 1 answer
AWS-S3 Signed URL Security concern
When you create a pre-signed URL for your object, you must provide expiration date and time. The pre-signed URLs are valid only for the specified duration.
Anyone who receives the pre-signed URL can then access the object.
We have some security…
Aniketk (rep 51, badges 1/3)
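Added example, not part of the question above: a pre-signed URL is a bearer token, so the two things worth checking on one that leaked or was logged are how long it stays valid and whether it can be revoked early. Both are readable from the SigV4 query parameters: `X-Amz-Date` plus `X-Amz-Expires` give the window, and the access key ID at the front of `X-Amz-Credential` tells you whether it was signed with a long-term IAM user key (`AKIA…`, valid until expiry unless that key is rotated) or temporary credentials (`ASIA…`, also dead once the session expires). `SAMPLE_URL` is constructed with a dummy signature and the documented placeholder key ID; the 15-minute policy maximum and the boto3 call in `main` are assumptions.

```python
"""Read the validity window of an S3 pre-signed (SigV4 query) URL and audit it.

Added example; SAMPLE_URL is constructed (dummy signature, AWS's documented
placeholder access key ID).
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Assumed internal policy: nothing should be pre-signed for longer than this.
MAX_LIFETIME = timedelta(minutes=15)

SAMPLE_URL = (
    "https://example-bucket.s3.us-east-1.amazonaws.com/reports/q1.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20240301%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240301T120000Z"
    "&X-Amz-Expires=604800"          # 7 days, the SigV4 maximum
    "&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=" + "0" * 64
)


def _query(url: str) -> dict[str, str]:
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def validity_window(url: str) -> tuple[datetime, datetime]:
    """(signed_at, expires_at) in UTC, from X-Amz-Date and X-Amz-Expires."""
    q = _query(url)
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    return signed_at, signed_at + timedelta(seconds=int(q["X-Amz-Expires"]))


def is_expired(url: str, now: datetime | None = None) -> bool:
    """True once the signed window has passed (S3 rejects the URL after expires_at)."""
    now = now or datetime.now(timezone.utc)
    return now >= validity_window(url)[1]


def audit(url: str, max_lifetime: timedelta = MAX_LIFETIME) -> list[str]:
    """Finding codes for a pre-signed URL: over-long lifetime, non-revocable signer."""
    findings = []
    signed_at, expires_at = validity_window(url)
    if expires_at - signed_at > max_lifetime:
        findings.append("lifetime-exceeds-policy")
    access_key_id = _query(url)["X-Amz-Credential"].split("/")[0]
    if access_key_id.startswith("AKIA"):
        # Long-term IAM user key: early revocation means rotating or deactivating the key.
        findings.append("long-term-key")
    # ASIA… keys come with X-Amz-Security-Token; the URL dies with the session.
    return findings


def main() -> None:
    """Assumed usage: mint a short-lived URL with boto3 and audit it (needs credentials)."""
    import boto3

    url = boto3.client("s3").generate_presigned_url(
        "get_object", Params={"Bucket": "example-bucket", "Key": "reports/q1.pdf"}, ExpiresIn=300
    )
    print(url, audit(url) or "OK")


if __name__ == "__main__":
    print(validity_window(SAMPLE_URL), audit(SAMPLE_URL))
```

Keeping the lifetime short and signing with role credentials (so the URL cannot outlive the session) does most of the work; if a URL must be killed immediately, the object can also be moved or the bucket policy tightened, since the signature only proves the signer had permission, it does not bypass a later Deny.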
4 votes, 3 answers
What are the security dangers of using Security Groups instead of NAT Gateways for isolating AWS RDS databases from public access?
As I have learned, there are two main ways of isolating resources in AWS VPC
One through public/private subnet separation using NAT Gateways to route communications between resources (e.g. public web servers) in the public subnets and resources in…
Matias Haeussler (rep 173, badges 6)
4 votes, 1 answer
How secure is http communication between AWS ELB and EC2 Instances
We have a VPC with a security group set between the AWS ELB and EC2 instances. However, when a request is forwarded to the EC2 instances, we forward it via HTTP, not HTTPS. HTTP being unencrypted, and given that the security group is correctly set, I wonder if…
Seong Kim (rep 41, badges 1)
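Added example, not part of either of the two questions above (the RDS security-group question and the ELB-to-EC2 one): in both setups the security group is the control doing the work, so the thing to verify is what each group actually admits. The checks below read the shapes returned by `ec2:DescribeSecurityGroups` and `rds:DescribeDBInstances` and flag ingress open to `0.0.0.0/0` or `::/0`, ingress granted to a CIDR rather than to the caller's security group, ingress from a group you did not expect, and an RDS instance with `PubliclyAccessible` set (which gives it a public address that only the security group then protects). The group IDs, rules and DB instance are constructed sample data.

```python
"""Audit security-group ingress for an RDS instance and for ELB-fronted instances.

Added example; GROUPS and SAMPLE_DB are constructed in the shapes of
ec2:DescribeSecurityGroups and rds:DescribeDBInstances output.
"""
from __future__ import annotations


def _covers_port(perm: dict, port: int) -> bool:
    """True if an IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                       # all protocols
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def ingress_findings(group: dict, port: int, allowed_source_groups: set[str]) -> list[str]:
    """Findings for every rule on `group` that admits traffic to `port`."""
    gid = group["GroupId"]
    findings = []
    for perm in group.get("IpPermissions", []):
        if not _covers_port(perm, port):
            continue
        for r in perm.get("IpRanges", []):
            cidr = r.get("CidrIp")
            if cidr == "0.0.0.0/0":
                findings.append(f"{gid}: port {port} open to the whole IPv4 internet")
            else:
                findings.append(f"{gid}: port {port} allowed from CIDR {cidr}; "
                                "reference the caller's security group instead")
        for r in perm.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") == "::/0":
                findings.append(f"{gid}: port {port} open to the whole IPv6 internet")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") not in allowed_source_groups:
                findings.append(f"{gid}: port {port} allowed from unexpected group {pair.get('GroupId')}")
    return findings


def db_instance_findings(db: dict, groups_by_id: dict[str, dict],
                         allowed_source_groups: set[str]) -> list[str]:
    """PubliclyAccessible plus ingress findings on the instance's VPC security groups."""
    findings = []
    if db.get("PubliclyAccessible"):
        findings.append(f"{db['DBInstanceIdentifier']}: PubliclyAccessible is true")
    port = db["Endpoint"]["Port"]
    for vsg in db.get("VpcSecurityGroups", []):
        findings += ingress_findings(groups_by_id[vsg["VpcSecurityGroupId"]], port, allowed_source_groups)
    return findings


# Constructed sample: the DB group admits the app group (fine) and the world (not fine);
# the app group admits port 80 from a CIDR instead of from the load balancer's group.
GROUPS = {
    "sg-0db": {"GroupId": "sg-0db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
         "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0app"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    "sg-0app": {"GroupId": "sg-0app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
}
SAMPLE_DB = {
    "DBInstanceIdentifier": "app-db",
    "PubliclyAccessible": True,
    "Endpoint": {"Address": "app-db.example.us-east-1.rds.amazonaws.com", "Port": 5432},
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0db", "Status": "active"}],
}

if __name__ == "__main__":
    for line in db_instance_findings(SAMPLE_DB, GROUPS, {"sg-0app"}):
        print(line)
    for line in ingress_findings(GROUPS["sg-0app"], 80, {"sg-0elb"}):
        print(line)
```

Security groups filter, they do not encrypt: a clean result here says nothing about the plaintext HTTP hop between the load balancer and the instances, which is why private subnets, group references and TLS to the backend are layered rather than chosen between.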
3 votes, 0 answers
AWS SSM Agent protection
Our company has recently been moving to the AWS cloud, and AWS relies a lot on the SSM agent, which is also open source (https://github.com/aws/amazon-ssm-agent).
From my understanding, this agent is not signed when you deploy it on your machine. Cloudwatch…
user50312
2 votes, 1 answer
Is SSL on AWS RDS in private network necessary
I saw that using SSL on AWS RDS can reduce the performance of the database by over 10%. Let's say that an RDS database is on a private network and only accessed by applications on other private networks in the same VPC. The security groups of the…
Florat (rep 23, badges 2)
2 votes, 2 answers
Am I vulnerable while leaving a putty client connected to my Amazon Web Server?
I'm not worried or concerned, but I am curious as to what types of exploitation I might expose my home server to if I leave a putty client connected using SSH.
I am using putty to connect to an EC2 Amazon Web Service hosted virtual Linux box. The…
PositriesElectron (rep 1,595, badges 1/13/18)
1 vote, 1 answer
Explanation of the AWS IAM PassRole vulnerability
Help me understand what the risk in the AWS Privilege Escalation Vulnerabilities article is.
I think it is normal that I create an EC2 instance and associate an IAM role as its instance profile, and then log in to the instance. Once I log in to the…
mon (rep 295, badges 3/9)
1 vote, 1 answer
Does AWS store users' passwords without hashing?
I just noticed that AWS provides a service that checks your users' passwords for corporate password rule compliance "periodically": https://docs.aws.amazon.com/config/latest/developerguide/iam-password-policy.html
This makes me afraid that AWS…
bkoodaa (rep 440, badges 1/4/10)
1 vote, 1 answer
AWS serverless site security. Anything else I should add?
I have an AWS static site in an S3 bucket, accessible through CloudFront and a bunch of lambda functions that form the backend of the site. Is there anything else I can/should do security wise to guard against someone unauthorized running any of the…
Rilcon42 (rep 115, badges 4)
1 vote, 0 answers
Is the example Amazon SNS Topic Policy for CloudTrail too permissive?
I'm trying to configure several AWS accounts to log CloudTrail to a central logging account, from which the logs will be brought into Splunk. In order to do this, I need to configure CloudTrail on each source AWS account to log to an S3 bucket in…
Joe M. (rep 439, badges 4/10)
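Added example, serving both the PassRole question earlier on this page and the SNS topic policy question above (it is not code from either post). Both questions come down to reading a policy document for one risky shape. For identity policies: an `Allow` of `iam:PassRole` on `Resource: "*"` lets the holder attach any role in the account, admin roles included, to a service they control (launch an EC2 instance with it, then read its credentials from the instance), and the usual fixes are scoping `Resource` to the specific role and adding an `iam:PassedToService` condition. For resource policies such as an SNS topic policy: a statement whose principal is a service (`cloudtrail.amazonaws.com`) or `*` with no `aws:SourceArn` / `aws:SourceAccount` condition lets that service act on the resource on behalf of any AWS account, the classic confused deputy. The linter below handles the string-or-list and single-statement-or-list variants of policy JSON; the sample policies, account ID and ARNs are constructed.

```python
"""Lint IAM policy documents for over-broad iam:PassRole and unscoped principals.

Added example; the sample policy documents, account ID and ARNs are constructed.
"""
from __future__ import annotations

import fnmatch


def _as_list(value) -> list:
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _statements(doc: dict) -> list[dict]:
    return _as_list(doc.get("Statement"))


def _condition_keys(stmt: dict) -> set[str]:
    """All condition keys in a statement, lower-cased, regardless of operator."""
    return {k.lower() for operator in stmt.get("Condition", {}).values() for k in operator}


def passrole_findings(doc: dict) -> list[str]:
    """Identity-policy check: Allow statements that grant iam:PassRole too widely."""
    findings = []
    for i, st in enumerate(_statements(doc)):
        if st.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        # "*", "iam:*" and "iam:Pass*" all grant PassRole; fnmatch handles the wildcards.
        if not any(fnmatch.fnmatchcase("iam:passrole", a) for a in actions):
            continue
        if "*" in _as_list(st.get("Resource")):
            findings.append(f"statement {i}: iam:PassRole on every role (any role, admin "
                            "ones included, can be handed to a service the holder controls)")
        if "iam:passedtoservice" not in _condition_keys(st):
            findings.append(f"statement {i}: iam:PassRole without an iam:PassedToService condition")
    return findings


def principal_findings(doc: dict) -> list[str]:
    """Resource-policy check: principals that are not tied to a source account or ARN."""
    scoping = {"aws:sourcearn", "aws:sourceaccount", "aws:principalorgid", "aws:principalaccount"}
    findings = []
    for i, st in enumerate(_statements(doc)):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        keys = _condition_keys(st)
        anonymous = principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
        if anonymous and not keys & scoping:
            findings.append(f"statement {i}: anonymous principal with no scoping condition")
        if isinstance(principal, dict) and principal.get("Service"):
            if not keys & {"aws:sourcearn", "aws:sourceaccount"}:
                services = ", ".join(_as_list(principal["Service"]))
                findings.append(f"statement {i}: service principal {services} without "
                                "aws:SourceArn/aws:SourceAccount (usable from any account)")
    return findings


# Constructed samples.
BROAD_PASSROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:RunInstances", "iam:PassRole"], "Resource": "*"}]}

SCOPED_PASSROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/app-ec2-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}}]}

TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:cloudtrail-topic"
TOPIC_UNSCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "SNS:Publish", "Resource": TOPIC_ARN}]}

TOPIC_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "SNS:Publish", "Resource": TOPIC_ARN,
     "Condition": {"StringEquals": {
         "aws:SourceArn": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail"}}}]}

if __name__ == "__main__":
    for name, doc, check in [("broad", BROAD_PASSROLE, passrole_findings),
                             ("scoped", SCOPED_PASSROLE, passrole_findings),
                             ("topic-unscoped", TOPIC_UNSCOPED, principal_findings),
                             ("topic-scoped", TOPIC_SCOPED, principal_findings)]:
        print(name, check(doc) or "OK")
```

For the multi-account CloudTrail setup in the question, the scoped form is the one to aim for: one statement per source trail ARN, or `aws:SourceAccount` listing the source accounts, on both the topic policy and the central bucket policy.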
1 vote, 1 answer
Is AWS Elastic Beanstalk traffic from load balancer to backend EC2 instances secure?
AWS Elastic Beanstalk service routes traffic back to its EC2 instances through HTTP by default. I know this can be configured to achieve end to end encryption by adding SSL encryption from the load balancer back to its EC2 instance(s). I also know…
flizana (rep 113, badges 3)
1 vote, 1 answer
AWS KMS same key for every request
I've been trying to use KMS to store sensitive personal data. We generated a CMK and are using the API/Encrypt over https. The idea was to store login information (emails) using KMS, we are using a password less authentication (JWT). This email data…
Narcil (rep 113, badges 5)