Corey Quinn and Daniel Grzelak take you on a journey through the wild and wonderful world of Amazon S3 in this episode. They explore the fun quirks and hidden surprises of S3, like the mysterious "Schrodinger's Objects" from incomplete uploads and the head-scratching differences between S3 bucket commands and the S3 API. Daniel and Corey break down common misunderstandings about S3 encryption and IAM policies, sharing stories of misconfigurations and security pitfalls.

Show Highlights: 

(00:00) - Introduction

(03:49) - Schrodinger's Objects

(05:23) - S3 Permissions and Security

(06:44) - Incomplete Multipart Uploads Causing Unexpected Billing Issues

(10:28) - Historical Oddities and Unexpected Behaviors of S3

(12:00) - Encryption Misconceptions

(15:17) - Durability and Reliability of S3

(17:49) - AWS Security and Trust

(21:01) - Practical Tips for S3 Users

(26:10) - Compliance Locks and Data Management

(29:13) - Closing Thoughts

About Daniel:

Daniel Grzelak is a 20-year cybersecurity industry veteran, currently working as Chief Innovation Officer at Plerion. He is no longer the CISO at Linktree nor the Head of Security at Atlassian, but he tries to stay relevant by hacking AWS and Cloud in general.

Links Referenced:

Personal Website: https://dagrz.com/

LinkedIn: https://www.linkedin.com/in/danielgrzelak/

Things you wish you didn't need to know about S3: https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/

S3 Bucket Encryption Doesn't Work The Way You Think It Works: https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/

*Sponsor

Panoptica: https://www.panoptica.app/