Configuration management

Issues with configuration of AWS service lead to exposure of 5 million records

May 11, 2021
Visitors arrive at the cloud pavilion of Amazon Web Services at the 2016 CeBIT digital technology trade fair in Hanover, Germany. AWS System Manager (SSM) misconfigurations led to the potential exposure of more than 5 million documents with personally identifiable information and credit card transactions on more than 3,000 SSM documents. (Photo by Sean Gallup/Getty Images)
  • Follow the parameters set by AWS. Don’t make information such as activation keys, user names, and emails in clear text, but only with parameters.
  • Remain vigilant of the information the company posts to a public SSM. document. Even if it seems minor, it could offer information to an attacker.
  • Do not share deploy processes and backup procedures.
  • Review any AWS resources included in the SSM document to ensure the configurations are secure.
prestitial ad