Since 2015, this site has been reporting on data leaks due to misconfigured databases or devices that are indexed on shodan.io or other specialized search engines. Many of the leaks I have reported on involve AWS S3 buckets. And despite the fact that Amazon has issued reminders and guidance to its customers about securing buckets, there is still widespread leakage.
We all know you can lead a horse to a security tool or advice, but you can’t make them use it. With that in mind, kudos to Kromtech Security for developing and making freely available a tool to help administrators check whether their Amazon S3 bucket is allowing public access when it shouldn’t be.
We decided to make a Simple tool that can help Amazon S3 users quickly check their S3 buckets for public access. The tool gives users a report that they can then use to shut down any unwanted public access to the S3 buckets and the valuable data they contain. This free tool can provide an extra layer of security so that users can be confident that their data is well-protected and is not accessible or being downloaded by unauthorised users.