Last week I presented ‘Secure an S3 Bucket (and still use it)’ at the Phoenix DevOps meetup. I’m trying to help people understand why and how to protect every S3 bucket with data that needs to remain confidential.

We hosted the meetup using Zoom. Attendee participation was strong and people said the content was on-target, clear, and helpful. We covered:

  • Why this matters
  • How AWS access policies are evaluated
  • Common Mistakes
  • Demo: The Path to Least Privilege
  • Q & A

I’m on a mission to put “a security in every bucket” and I hope this helps you too.

The video is available on YouTube (1h 5m):

I also shared the:

Hit reply if there’s anything else I can help you with. I can you verify your bucket policy does what you think it does all the way to helping you roll out strong AWS security policy engineering and review practices.

Take care,