Just a few days ago Amazon S3 team sent an email to many of their customers warning them about the bucket settings with the following subject: "Important Security Notification regarding your Amazon S3 bucket settings." The email was sent to the users with the buckets configured in such as way that allows changing bucket contents by anonymous users causing potential data loss.
This email stirred up a number of discussions such as this one on the Amazon S3 forum and a number of requests for a simple tool to validate the bucket settings and a quick fix. We have decided to add a simple Security Assessment report to MSP360 Explorer for Amazon S3 that will validate the bucket settings, find the buckets configured for anonymous access and offer a quick way to fix it (or in other words disable anonymous access).
- To run the report, click Security Assessment in the product menu and then Run Now:
or select an item in the context menu:
- The new tab will open and start analyzing the buckets. Once it is done, you will get a window with a summary report like the one below:
- The buckets with public read access will show up with the exclamation mark icon. Now you can right-click the problematic bucket and click Fix to remove anonymous access:
You can also fix the permissions for all buckets at once using the Fix All toolbar button:
We hope you like the new feature and keep using MSP360 S3 Explorer for other S3 and CloudFront related tasks on the Windows platform.
Note: this post applies to MSP360 Explorer 2.9.2 and later.
As always we would be happy to hear your feedback and you are welcome to post a comment.