Secure S3 with Amazon Macie
Learn how to unlock the power of Amazon Macie
for defending S3
Secure S3 with Amazon Macie
Learn how to unlock the power of Amazon Macie for defending S3
Overview
We created this beginner-friendly and hand-on lab to teach about Amazon Macie, and how this powerful service can be used to improve the security of deployed S3 buckets. The lab covers discovery of sensitive data as well as highlighting buckets that are world-readable and world-writable.
Scenario
Amid the undercurrents of the dark web, chatter is growing louder: Huge Logistics might be the next big target. Forensic traces hint at advanced adversaries conducting OSINT and mapping out their digital terrain. Hearing the whispers, the higher-ups at Huge Logistics are starting to sweat. They've reached out to your team to assess Huge Logistics' cloud security posture, starting with S3. Your primary tool for this mission: Amazon Macie. Your tasks are multi-fold: learn how to set up and configure Amazon Macie in order to discover and classify the company's crown jewels, and unearth any sensitive data in the deployed S3 data estate. The clock is ticking, and every piece of data could be a potential way in for threat actors.
Lab prerequisites
Learning outcomes
- Enabling and configuring Amazon Macie
- Using the AWS Console to analyze Macie findings
- Using the AWS CLI to analyze Macie findings
Real-world context
Amazon S3 bucket security misconfigurations have been one of the most common and serious security issues faced by AWS users, implicated in countless breaches. These issues can result in customers and clients being placed at risk, reputational damage, and regulator fines. Amazon Macie is one of the services offered by AWS to enhance data security and data privacy for Amazon S3 resources. Macie uses machine learning to automatically discover, classify, and protect sensitive data. Using Macie we can identify sensitive data like PII and also identify S3 buckets that are world-readable and world-writable.
Pwned Labs:
Your cloud security training ground
Experience, real-world, byte sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.