Issues with configuration of AWS service lead to exposure of 5 million records
- Follow the parameters set by AWS. Don’t make information such as activation keys, user names, and emails in clear text, but only with parameters.
- Remain vigilant of the information the company posts to a public SSM. document. Even if it seems minor, it could offer information to an attacker.
- Do not share deploy processes and backup procedures.
- Review any AWS resources included in the SSM document to ensure the configurations are secure.