Member, September 3, 2021 at 11:56 pm
Q: "There is an incident with your team where an S3 object was deleted using an account without the owner's knowledge. What can be done to prevent unauthorized deletion of your S3 object?"
I think the “without the owner’s knowledge” part of this question lacks clarity. I thought the “ownership” referred to the owner of the S3 object, not the owner of the user account.
In other words, I thought this question meant: somebody was using their rightful account and deleted an object they shouldn't have, which led me to choose "Stricter IAM policies".
And not: someone hijacked an IAM user they shouldn't have access to in order to delete an S3 object.
Member, September 6, 2021 at 8:01 am
Thank you for posting your question. I’ll do my best to provide an explanation on this item.
In an AWS environment, there are cases when one service has multiple administrators, or multiple users with read/write access in a team. As such, there are also definitely occasions wherein a team member will accidentally delete something, as part of a routine clean-up process for example. If the team does not have adequate access control policies in place, or the team requires elevated permissions, then the best approach for this scenario is to enable MFA delete on objects that shouldn't be deleted by anyone else but the owner. It is not necessarily about hijacking an IAM user, but rather a mere human error.
This is what I believe is the scenario of this item. We’ll also definitely review this item and see if we can improve the wording of it. I hope I was able to help sort out the confusion.
Adrian Formaran @ Tutorials Dojo
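As an added illustration of the control discussed in the reply above (example code, not part of the original thread or of Tutorials Dojo's material): the snippet below builds a bucket policy that explicitly denies `s3:DeleteObject` and `s3:DeleteObjectVersion` unless the request was made with MFA, and includes a small local evaluator that shows how such an explicit Deny behaves for requests with MFA, without MFA, and with the MFA context key absent. The bucket name and object key are placeholders, and the evaluator handles only the one condition operator used here; it is not AWS's policy engine.

```python
"""Added example: an S3 bucket policy that denies object deletion unless the
caller authenticated with MFA, plus a simplified local check of how an explicit
Deny with that condition is evaluated. Bucket name and object key are
placeholders, not real resources."""
import json
from typing import Optional

BUCKET = "example-bucket"  # placeholder bucket name

DELETE_ACTIONS = ("s3:DeleteObject", "s3:DeleteObjectVersion")


def build_mfa_delete_policy(bucket: str) -> dict:
    """Explicit Deny on delete actions when the request carries no MFA.

    BoolIfExists makes the Deny apply both when aws:MultiFactorAuthPresent is
    present and false (plain long-term credentials) and when the key is absent
    entirely, which is the conservative choice for a protective deny.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyObjectDeleteWithoutMFA",
                "Effect": "Deny",
                "Principal": "*",
                "Action": list(DELETE_ACTIONS),
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {
                    "BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}
                },
            }
        ],
    }


def _matches(pattern: str, value: str) -> bool:
    """Minimal IAM-style wildcard match (only a trailing '*' is handled)."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def delete_denied(policy: dict, action: str, resource: str,
                  mfa_present: Optional[bool]) -> bool:
    """Return True if an explicit Deny in `policy` blocks the request.

    mfa_present=None models a request in which the aws:MultiFactorAuthPresent
    key is absent. Simplified evaluator: it understands only the BoolIfExists
    operator on that one key, which is all the policy above uses.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(_matches(a, action) for a in stmt["Action"]):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        cond = stmt.get("Condition", {}).get("BoolIfExists", {})
        want = cond.get("aws:MultiFactorAuthPresent")
        if want is None:
            return True  # unconditional deny
        if mfa_present is None:
            return True  # key absent: BoolIfExists treats it as matching
        if str(mfa_present).lower() == want:
            return True  # key present and equal to the denied value
    return False


if __name__ == "__main__":
    policy = build_mfa_delete_policy(BUCKET)
    print(json.dumps(policy, indent=2))
    obj = f"arn:aws:s3:::{BUCKET}/reports/q3.csv"  # placeholder object
    for mfa in (False, None, True):
        print(f"mfa_present={mfa!s:5} -> delete denied: "
              f"{delete_denied(policy, 's3:DeleteObject', obj, mfa)}")
```

The feature the reply names, S3 MFA Delete, is a separate bucket-versioning setting that only the account's root user can turn on (for example `aws s3api put-bucket-versioning --bucket <bucket> --versioning-configuration Status=Enabled,MFADelete=Enabled --mfa "<device-serial> <code>"`); it protects version deletion and versioning-state changes. The policy condition above complements it by requiring MFA on the delete API calls themselves, and because it denies `Principal: "*"`, it also binds the account's own administrators, so make sure an MFA-equipped identity exists before applying it.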