Unencrypted S3 bucket can lead to data leak
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | AWS | PERMISSION |
Description
AWS S3 buckets should be encrypted so that the stored data stays protected even if access to the bucket or its underlying storage is compromised.
There are two types of server-side encryption for Amazon S3 buckets:
- Server-Side Encryption with Amazon S3-managed keys (SSE-S3)
- Server-Side Encryption with AWS Key Management Service keys (SSE-KMS)
There are no additional charges for SSE-S3. For SSE-KMS, AWS KMS charges apply. However, SSE-KMS is considered more secure, since it gives the customer more control over the keys and allows key rotation.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | False | False |
Misconfigured permissions or direct access to the storage drives can lead to a data leak.
Remediation guidelines
Enable default encryption on the bucket (SSE-S3 or, preferably, SSE-KMS).
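The check and the remediation above, as an added example that is not part of the original rule page: it classifies a bucket's default-encryption setting from the response shape boto3's `get_bucket_encryption()` returns, and builds the configuration to pass to `put_bucket_encryption()`. The bucket responses and the KMS key ARN are constructed sample values, not taken from a real account.

```python
"""Classify an S3 bucket's default encryption and build the remediation payload.

Added example, not the rule page's own code. Assumes the response shape of
boto3's s3.get_bucket_encryption(); when no configuration exists boto3 raises
ClientError with code ServerSideEncryptionConfigurationNotFoundError, which a
caller maps to None here. All sample data below is constructed.
"""

# Constructed GetBucketEncryption responses for the two SSE types on the page.
SSE_S3_RESPONSE = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
SSE_KMS_RESPONSE = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
     "BucketKeyEnabled": True}]}}


def classify_bucket_encryption(response):
    """Return 'none', 'sse-s3' or 'sse-kms' for a GetBucketEncryption response.

    None (configuration not found) and an empty or malformed response both
    count as 'none', which is the state this rule flags.
    """
    if not response:
        return "none"
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo == "aws:kms":
            return "sse-kms"
        if algo == "AES256":
            return "sse-s3"
    return "none"


def is_compliant(response):
    """The rule fires only when no default encryption is configured at all."""
    return classify_bucket_encryption(response) != "none"


def remediation_config(kms_key_arn=None):
    """Build the ServerSideEncryptionConfiguration for put_bucket_encryption().

    With a KMS key ARN this enables SSE-KMS and S3 Bucket Keys (fewer KMS
    requests, so lower KMS cost); without one it falls back to SSE-S3.
    """
    if kms_key_arn:
        default = {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": kms_key_arn}
        return {"Rules": [{"ApplyServerSideEncryptionByDefault": default,
                           "BucketKeyEnabled": True}]}
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}
```

Apply the result with `s3.put_bucket_encryption(Bucket=name, ServerSideEncryptionConfiguration=remediation_config(key_arn))`, then re-run the classifier to confirm the bucket now reports `sse-kms`.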