S3 Bucket Security Hardening Using SCP policy

Hi, everyone

My name is Santosh Kumar Sha, and I am a security researcher / security engineer from India (Assam). In this article, I will demonstrate how I was able to harden S3 bucket security using an SCP (Service Control Policy) to reduce the impact and blast radius during a security event or after an account has been hacked.

SPECIAL Note:

This write-up is not about AWS best practices for S3 buckets. As cloud and security experts, we have already implemented, or are at least aware of, all the AWS best practices for S3 buckets, such as bucket versioning, KMS encryption, S3 access logging, bucket policies with least-privilege access, event notifications, CloudTrail API notifications, cross-region replication, lifecycle policies, MFA delete, Object Lock, etc.

TOOLS used for the exploitation

  1. AWS CLI
  2. Prowler(https://github.com/prowler-cloud/prowler)

Story Behind the Blog:

The story behind this write-up: I was working for a client whose AWS production account was hacked, and all their S3 buckets containing critical data were deleted, including the versioned object data.

The client was not very technical and did not want any configuration overhead, but still wanted control over all accounts when dealing with S3 bucket configuration and S3 bucket changes.

Here it goes:

--

Santosh Kumar Sha(@killmongar1996)

Cloud Security | Security Researcher | Pentester | Bug bounty hunter | VAPT | Penetration tester | CTF player | topmate.io/santosh_kumar_sha