by Stephen Kuenzli | May 13, 2020 | AWS, Cloud, Security
Last week I presented ‘Secure an S3 Bucket (and still use it)’ at the Phoenix DevOps meetup. I’m trying to help people understand why and how to protect every S3 bucket with data that needs to remain confidential. We hosted the meetup using Zoom.... 
by Stephen Kuenzli | Apr 10, 2020 | AWS, Cloud, Security
Securing data in S3 is a nightmare for many people. Data breaches from insecure AWS S3 buckets make the news weekly and it’s not just clickbait. AWS Simple Storage Service (S3) is the world’s most successful object storage service. It offers a wide set of... 
by Stephen Kuenzli | Dec 16, 2019 | AWS, Cloud
This is the second post in a series about how the Cloud is changing how we manage network access control and application identity. In particular, my thesis is that the use of a network-centric identity such as an IP address or subnet to identify an application is... 
by Stephen Kuenzli | Dec 9, 2019 | AWS, Cloud, Security
Cloud Pattern: Secure Inbox Today, I’d like to describe a useful pattern for many Cloud-hosted applications, the Secure Inbox. Problem: Organization A needs to publish a work product stored in potentially large files to a consumer in organization B. Organization... 
by Stephen Kuenzli | Dec 6, 2019 | AWS, DevOps, Security
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied Ugh… that looks like it could be the start of a two hour or two week long goose chase. Understanding why access was denied and implementing a... 