Dhruv malaviya

5 Cloud Security Mistakes That'll Get You Hacked (And How to Fix Them)
A friend's startup got breached last month.

Cause? Public S3 bucket with customer data.

Fix time? 5 minutes.

Damage? $50K + lost customer trust.

Don't be that startup. Here are the 5 mistakes I see every week:

1. Wildcard IAM Policies ❌

```json
{
  "Effect": "Allow",
  "Action": "*",
  "Resource": "*"
}
```

Fix — Be specific:

```json
{
  "Effect": "Allow",
  "Action": ["s3:GetObject", "s3:PutObject"],
  "Resource": "arn:aws:s3:::my-bucket/*"
}
```
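As an added example (not code from the post), here is a small Python check that finds the wildcard grants from mistake #1 in an IAM policy document, so it can run in CI before a policy is applied. The sample policies are constructed inline and `find_wildcards` is my own helper name; it generalises the post's case to any statement shape IAM accepts (string or list values, `NotAction`/`NotResource`).

```python
import json

# Constructed sample policies (not from any real account): the first is the
# wildcard pattern from the post, the second is its scoped-down replacement.
WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::my-bucket/*",
    }],
})

def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_wildcard(item):
    """'*' or a service-wide wildcard ('s3:*', 'arn:aws:s3:::*').
    Partial wildcards such as 's3:Get*' are deliberately not flagged here."""
    return item == "*" or item.endswith(":*")

def find_wildcards(policy_json):
    """Return (statement_index, field, value) for every Allow statement whose
    Action/Resource is an unscoped wildcard, or that uses NotAction/NotResource."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect", "Deny") != "Allow":
            continue  # a Deny on '*' is a guard-rail (like the MFA SCP), not an over-grant
        for field in ("Action", "Resource"):
            for item in _as_list(stmt.get(field)):
                if _is_wildcard(item):
                    findings.append((idx, field, item))
        # NotAction/NotResource in an Allow grants everything *except* the listed
        # items, which is broader than any explicit list: flag it outright.
        for field in ("NotAction", "NotResource"):
            if field in stmt:
                findings.append((idx, field, "negated list"))
    return findings

if __name__ == "__main__":
    for name, doc in (("wildcard", WILDCARD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_wildcards(doc))
```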

2. Public Storage Buckets ❌

Fix — Block public access:

```bash
aws s3control put-public-access-block \
  --account-id 123456789012 \
  --public-access-block-configuration \
  "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
```

3. No Encryption ❌

Fix — Enable default encryption:

```hcl
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.my_bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}
```

4. Missing MFA ❌

Fix — Enforce via SCP:

```json
{
  "Effect": "Deny",
  "Action": "*",
  "Resource": "*",
  "Condition": {
    "BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}
  }
}
```

5. No Monitoring ❌

Fix — Quick security scan:

```bash
#!/bin/bash
# Read-only audit: buckets without a public-access block, security groups open
# to the world, and IAM users without an MFA device.

echo "🔍 Checking public S3 buckets..."
# --output text prints every name tab-separated on one line, so split on tabs
# before looping (otherwise the loop runs once with all names in $bucket).
# A bucket with no block of its own is still covered by the account-level block from fix #2.
aws s3api list-buckets --query 'Buckets[].Name' --output text | tr '\t' '\n' | while read -r bucket; do
  aws s3api get-public-access-block --bucket "$bucket" >/dev/null 2>&1 || echo "⚠️ $bucket: No public access block!"
done

echo "🔒 Checking open security groups..."
aws ec2 describe-security-groups \
  --filters "Name=ip-permission.cidr,Values=0.0.0.0/0" \
  --query 'SecurityGroups[].GroupName' --output text

echo "👤 Checking MFA..."
aws iam list-users --query 'Users[].UserName' --output text | tr '\t' '\n' | while read -r user; do
  aws iam list-mfa-devices --user-name "$user" --query 'MFADevices' --output text | grep -q . || echo "⚠️ $user: No MFA!"
done
```

**Quick Tools**

```bash
pip install prowler
prowler aws --compliance cis_2.0_aws
```

**Do This NOW**

  • Enable S3 Block Public Access
  • Turn on default encryption
  • Enable MFA on root account
  • Run Prowler scan

TL;DR: Least privilege + Encryption + MFA + Monitoring = 95% fewer breaches.

#cloudsecurity #aws #devops