Trigger alarm based on a rate-limit on S3 GetObject and DeleteObject requests


Recently, one of my AWS accounts got compromised; fortunately, we were able to change all secure information in time. To avoid a recurrence of such a situation, the first thing to do would be to have a process in place for secret info management.

That said, I would also want to trigger a CloudWatch alarm in a case where multiple downloads or deletes are taking place from inside my AWS account.

I have come across solutions like

  1. AWS WAF
  2. Have a CDN in place
  3. Trigger a lambda function on an event in S3

Solutions #1 & #2 are not serving my requirement, as they throttle requests coming from outside of AWS. Once it is implemented at the S3 level, it will automatically throttle both inside and outside requests.

In solution #3, I could not get hold of the multiple objects requested by an IP in my lambda function when a threshold time limit and a threshold number of files are crossed.

Is raising an alarm by rate-limiting at S3 level a possibility?


There is 1 answer

AudioBubble On BEST ANSWER

There is no rate limit provided by AWS on S3 directly, but you can implement alarms over SNS Topics with CloudTrail.

Unless you explicitly require anyone in your team to remove the objects in your S3 bucket, you shouldn't provide anyone access. The following are some ideas you can follow:

Implement the least privilege access

  • You can block the access to remove the objects on the IAM User level, so no-one will be able to remove any items.
  • You can modify the Bucket policy to provide DeleteObject Access to specific users/roles as conditions.

Enable multi-factor authentication (MFA) Delete

  • MFA Delete can help prevent accidental bucket deletions. If MFA Delete is not enabled, any user with the password of a sufficiently privileged root or IAM user could permanently delete an Amazon S3 object.

  • MFA Delete requires additional authentication for either of the following operations:
    ◦ Changing the versioning state of your bucket
    ◦ Permanently deleting an object version

S3 Object Lock

S3 Object Lock enables you to store objects using a "Write Once Read Many" (WORM) model. S3 Object Lock can help prevent accidental or inappropriate deletion of data. For example, you could use S3 Object Lock to help protect your AWS CloudTrail logs.

Amazon Macie with Amazon S3

Macie uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.


You can learn more about the best Security Practices with S3. https://aws.amazon.com/premiumsupport/knowledge-center/secure-s3-resources/
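As an added example (not the answerer's code), this is the per-IP threshold check the question describes, run over CloudTrail S3 data-event records of the kind CloudTrail delivers to CloudWatch Logs. It assumes CloudTrail data events are enabled for the bucket; the threshold values and the sample records are constructed for illustration.

```python
"""Sliding-window rate check over CloudTrail S3 data events (hypothetical example).

Flags any source IP that issues more than max_events GetObject or DeleteObject
calls within window_seconds. Suitable as the core of a Lambda fed by a
CloudWatch Logs subscription, or as a one-off check over exported trail files.
"""
from collections import defaultdict, deque
from datetime import datetime, timezone

WATCHED_EVENTS = {"GetObject", "DeleteObject"}


def parse_time(ts):
    # CloudTrail eventTime is ISO 8601 in UTC, e.g. 2023-05-01T12:00:00Z
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_bursts(records, max_events=5, window_seconds=60):
    """Return {(sourceIP, eventName): peak count} for sources over the threshold.

    Records are processed in time order; each (ip, event) pair keeps only the
    timestamps inside the sliding window, so memory stays bounded.
    """
    windows = defaultdict(deque)
    bursts = {}
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        name = rec.get("eventName")
        if name not in WATCHED_EVENTS:
            continue
        key = (rec.get("sourceIPAddress"), name)
        now = parse_time(rec["eventTime"])
        window = windows[key]
        window.append(now)
        while (now - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop events that fell out of the window
        if len(window) > max_events:
            bursts[key] = max(bursts.get(key, 0), len(window))
    return bursts


# Constructed sample: 8 GetObject calls from one IP within 35 s (a burst),
# and 2 DeleteObject calls from another IP 10 minutes apart (not a burst).
SAMPLE = [
    {"eventTime": f"2023-05-01T12:00:{i:02d}Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.10"}
    for i in range(0, 40, 5)
] + [
    {"eventTime": "2023-05-01T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject", "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2023-05-01T12:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject", "sourceIPAddress": "198.51.100.7"},
]

if __name__ == "__main__":
    for (ip, event), count in find_bursts(SAMPLE).items():
        print(f"ALERT: {count} x {event} from {ip} within the window")
```

In a Lambda you would publish each entry of the returned dict to the SNS topic the answer mentions instead of printing it.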