Prevent S3 Data Breach Using red-bucket

Varun Singh
AWS in Plain English
5 min readJun 21, 2021


Red-Bucket Security Scan By Lightspin (image: scanning S3 buckets with red-bucket from Lightspin, by Varun Singh)

S3 is one of the most utilized services when it comes to storing data in the cloud. Where on-premise workloads used to store data onsite, a large amount of that data is now stored on cloud storage like Amazon S3.

Storing data in the cloud eliminated the cost of maintaining physical storage, scrambling to scale it, etc. However, it increased the risk of data breaches and cyber-attacks.

In this article, we will talk about red-bucket, a Python tool that helps identify such security risks in your Amazon S3 buckets. Below we cover -

  1. Amazon S3 security challenges
  2. What is red-bucket?
  3. How to set up and run red-bucket?
  4. Running S3 analysis using red-bucket
  5. Future scope of red-bucket

Cloud security challenges

Amazon S3 provides several security features to consider as you develop and implement your own security policies. These best practices are general guidelines and don’t represent a complete security solution.

Are Amazon S3 Security Best Practices enough?

Leveraging the S3 security options available, one can specify how much access their bucket/objects will have. This can be done using a bucket policy or an ACL.

Best practices are valuable suggestions, not a definitive solution

S3 security best practices include setting up bucket/object ACLs, monitoring events on a bucket using CloudTrail, etc. But these practices might not be appropriate or sufficient for your environment.

S3 Bucket Policy (image by Varun Singh)

Following these steps, you can configure your buckets, but how do you determine -

  1. Is there any potential data breach in your S3 buckets?
  2. Which buckets are prone to cross-account malware attacks?
  3. Are any of the objects public?

The above configurations require human effort, which is prone to errors. This can lead to misconfiguration while deploying workloads/data over Amazon S3. A cybersecurity research team at Lightspin published that almost 16% of cloud storage data breaches are the result of buckets that became misconfigured over time.

Thanks to Lightspin’s open source contribution red-bucket, we now have a tool to analyze such security risks for us.

What is red-bucket?

Lightspin’s red-bucket is a Python tool built on top of the Amazon Boto3 SDK. This tool can scan your S3 buckets for the potential data breaches and security loopholes listed below -

  • Bucket’s block public access settings
  • Bucket policy and ACL
  • Object ACL

red-bucket is very lightweight, with only three dependencies. You will need one IAM user’s credentials with sufficient permissions to call the S3 client APIs. Without further ado, let us get started and see how red-bucket works -
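To make the three checks above concrete, here is an added example (not red-bucket’s own code) that evaluates Block Public Access, the bucket ACL and policy, and object ACLs from boto3-shaped API responses, using a constructed sample bucket so it runs offline; the report row layout and the account IDs are assumptions, not the tool’s real format.

```python
# Added example, not red-bucket's own code: the article's three checks over boto3-shaped responses
import json

PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def block_public_access_ok(pab):  # get_public_access_block() response: all four flags must be True
    return all(pab.get("PublicAccessBlockConfiguration", {}).get(k, False) for k in BPA_FLAGS)

def acl_is_public(acl):  # get_bucket_acl()/get_object_acl() response: any grant to a global group
    return any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS for g in acl.get("Grants", []))

def foreign_principals(policy_json, own_account):
    # Accounts (or "*") that an Allow statement in the bucket policy admits, other than our own
    found = set()
    for st in json.loads(policy_json).get("Statement", []):
        p = st.get("Principal", {}) if st.get("Effect") == "Allow" else {}
        aws = p if isinstance(p, str) else p.get("AWS", [])
        for arn in ([aws] if isinstance(aws, str) else aws):
            acct = "*" if arn == "*" else arn.split(":")[4]
            if acct != own_account:
                found.add(acct)
    return sorted(found)

def assess_bucket(name, pab, acl, policy_json, object_acls, own_account):
    # Report rows (bucket, object key, finding); the column layout is an assumption
    rows = []
    if not block_public_access_ok(pab):
        rows.append((name, "", "block public access not fully enabled"))
    if acl_is_public(acl):
        rows.append((name, "", "bucket ACL grants public access"))
    for acct in foreign_principals(policy_json, own_account):
        rows.append((name, "", f"bucket policy allows account {acct}"))
    rows += [(name, key, "object ACL is public")
             for key, oacl in object_acls.items() if acl_is_public(oacl)]
    return rows

# Constructed sample: a bucket that is public on every axis the tool checks
ALL_USERS_READ = {"Grants": [{"Permission": "READ", "Grantee": {"Type": "Group",
                  "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}
POLICY = json.dumps({"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
    "Principal": {"AWS": "arn:aws:iam::222222222222:root"},  # constructed foreign account
    "Resource": "arn:aws:s3:::demo-bucket/*"}]})

def demo():
    return assess_bucket("demo-bucket", own_account="111111111111",
        pab={"PublicAccessBlockConfiguration": {k: False for k in BPA_FLAGS}},
        acl=ALL_USERS_READ, policy_json=POLICY,
        object_acls={"report.csv": ALL_USERS_READ, "private.txt": {"Grants": []}})
```

Calling demo() yields four findings for the sample bucket; in a real run the same functions would be fed the responses of the corresponding boto3 S3 client calls.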

How to set up and run red-bucket?

Note: The following steps apply only to Linux.

Prerequisites to run red-bucket -

  1. Python3 installed. Follow this article to install Python3.
  2. Free tier AWS account.
  3. IAM user credentials
  4. An S3 bucket

1. Install Git

$ sudo apt-get install git

2. Clone red-bucket project

$ git clone https://github.com/lightspin-tech/red-bucket.git
$ cd red-bucket

3. Install dependencies

$ pip3 install -r requirements.txt

4. Get your IAM Credentials

Follow this link to learn how to create an IAM user. After creating the IAM user, download the credentials CSV and keep it safe; we will need it later in this tutorial.

And that is all it takes. Now let us run it.

Running S3 Analysis Using red-bucket

This is where red-bucket shines. It is super easy to run. red-bucket gives us the CLI experience that all developers love. So, let us run our first red-bucket command -

$ python3 main.py [output-csv-path] [AWS-Access-Key-id] [AWS-Secret-Access-Key]

As seen in the above command, it takes three parameters -

  1. output-csv-path:- The path of the CSV report that will be created once the analysis is completed
  2. AWS-Access-Key-id:- IAM user access key id
  3. AWS-Secret-Access-Key:- IAM user secret access key

Output Of The Analysis

I recently ran red-bucket to see how well I have managed files and storage on AWS since I started using Amazon Web Services.

Well, it did not look good based on the report I got, but anyway, at least now I have a tool that I can run regularly to see how many objects/buckets are securely deployed.

red-bucket generates easy-to-understand CSV data that clearly states the security risks your buckets/objects have. Following is one of the first reports that I generated -

red-bucket CSV Output (image: red-bucket report from an S3 scan, by Lightspin)

Three major findings about my buckets were -

  1. My objects were public and thanks to this CSV, I know which objects.
  2. One of my buckets is public.
  3. No cross-account attacks on my buckets.

As it is always said -

No proof, No Action

Well, you can see in the report above the proof that I needed to make sure that my buckets and objects weren’t public, and hence prevent a data breach.

Coming to cloud security, as previously mentioned, depending just on best practices will never suffice in the long run. One always has to depend on tools like red-bucket to analyze and act on the security front for cloud storage.

Cloud security is no different from on-premise storage security. The infrastructure management differs, but the security principles stay the same. Securing data in the cloud is going to be very crucial, and Lightspin is on its way to proving itself worthy in this arena.

You can check out more findings on — https://blog.lightspin.io/

More About The Author

I am a full-time software engineer with 4+ years of experience in Python, AWS, and many more technologies. I have started writing recently as it helps me to read more. I am looking forward to sharing technical knowledge and my life experiences with people out there.

  • Visit Lightspin for securing your Cloud deployments
  • Follow us for more on AWS, Python — Varun
  • Official Blog— TalkHash
