Bucket Policies and Defense-in-Depth: Amazon S3
Excellent paper by Rajat Ravinder Varuni and Rafael Marcelino Koike. I read it and it will help me when I have to talk with “people whose heads are in the cloud”.
In this blog post, we show you how to prevent your Amazon S3 buckets and objects from allowing public access. We discuss how to secure data in Amazon S3 with a defense-in-depth approach, where multiple security controls are put in place to help prevent data leakage. This approach helps prevent you from allowing public access to confidential information, such as personally identifiable information (PII) or protected health information (PHI).