AWS security issues show up in tech news fairly often. Today, we talk with someone who wrote about AWS services other than S3 that were found exposed to the public. Could that be some of your services?

Could be. The numbers are pretty impressive. Stay tuned, and find out how to determine whether or not your EBS snapshots, RDS snapshots, AMIs, or ElasticSearch clusters are accidentally public.

Our guest is Scott Piper, an AWS security consultant for Summit Route. You can follow him on Twitter at @0xdabbad00.

We start by exploring the types of AWS resources that can be unintentionally exposed to the public Internet, how to find them, and how to lock them down.

Then we talk about general practices such as vulnerability scanning, how to minimize human error when configuring AWS services, and drill into options such as CloudMapper and Security Monkey, open-source tools to help administrators find and control AWS resources.

Show Links:

Scott Piper on Twitter

Scott Piper’s blog – Duo.com

Scott Piper on GitHub – GitHub

Beyond S3: Exposed Resources on AWS – Duo.com

flAWS Challenge

CloudMapper – GitHub

CloudTracker – GitHub

Netflix Security Monkey – GitHub

Datanauts 086: AWS Identity & Access Management Policies – Packet Pushers

Datanauts 106: Controlling AWS Costs – Packet Pushers