S3 exposure and data protection
What is this lab?
A hands-on Amazon S3 lab for reviewing buckets and objects through a security lens: public exposure, bucket policies, ACLs, block public access, encryption, logging, versioning, and related controls.
What you will learn
- How buckets, objects, and policies interact to allow or deny access
- Finding public or overly broad exposure via policies, ACLs, and settings
- Encryption, versioning, and logging as part of a data-protection story
- Practical review workflows for storage risk in AWS
Prerequisites
Tools
- Web browser and access to the AWS console or lab portal
Knowledge
- Basic S3 concepts (bucket, object, prefix)
Launch the lab
Open S3 exposure and protection in CSN Labs →
Getting started
- Start the lab and open the console or portal URL provided.
- List buckets and sample objects relevant to the exercise.
- Inspect block public access, bucket policies, ACLs, and encryption settings before drawing conclusions.
How to use this lab
- Reconcile bucket-level and object-level settings; neither alone tells the full story.
- Note how public access block settings interact with policies and ACLs.
- Record findings as: bucket or object, issue, data at risk, recommended control.
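The reconciliation described in this section, as an added example that is not part of the lab's own material: it combines a bucket's public access block settings, bucket policy and ACL grants into findings in the record format above. The bucket name, sample inputs and function names are constructed for illustration, and a policy Condition is flagged for manual review rather than evaluated.

```python
import json

PUBLIC_GROUPS = {  # ACL grantee groups that AWS treats as public
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def wildcard_principal(stmt):
    """True when the statement's Principal is "*" or {"AWS": "*"}."""
    p = stmt.get("Principal")
    if isinstance(p, dict):
        p = p.get("AWS")
    return p == "*" or (isinstance(p, list) and "*" in p)

def review(name, pab, policy_json, grants, data):
    """Return findings as (bucket or object, issue, data at risk, recommended control)."""
    findings = []
    # IgnorePublicAcls neutralises existing public grants; BlockPublicAcls only rejects new ones.
    if not pab.get("IgnorePublicAcls"):
        for g in grants:
            if g["Grantee"].get("URI") in PUBLIC_GROUPS:
                findings.append((name, f"public ACL grant ({g['Permission']})", data,
                                 "remove grant; enable IgnorePublicAcls"))
    # RestrictPublicBuckets cuts off anonymous and cross-account use of a public policy;
    # BlockPublicPolicy only rejects new public policies and leaves an existing one in force.
    if not pab.get("RestrictPublicBuckets") and policy_json:
        stmts = json.loads(policy_json).get("Statement", [])
        for s in [stmts] if isinstance(stmts, dict) else stmts:
            if s.get("Effect") == "Allow" and wildcard_principal(s):
                # Simplification (assumption): a Condition is not evaluated, only flagged.
                issue = ("wildcard principal, condition needs review"
                         if s.get("Condition") else "public bucket policy")
                findings.append((name, issue, data,
                                 "scope Principal; enable RestrictPublicBuckets"))
    return findings

# Constructed sample inputs, shaped like the S3 public access block, policy and ACL responses.
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-lab-bucket/*"}]})
ALL_USERS_READ = [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

if __name__ == "__main__":
    for state in (False, True):  # same policy and ACL, public access block off then on
        pab = dict.fromkeys(PAB_KEYS, state)
        print(state, review("example-lab-bucket", pab, OPEN_POLICY, ALL_USERS_READ, "sample objects"))
```

Object ACL grants have the same shape, so an object can be reviewed by passing its key as the name and its grants in place of the bucket's.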
Challenge themes
- Recon — what is stored and how is it reachable?
- Public exposure — policies and ACLs that widen access
- Encryption — server-side encryption coverage and key usage
- Logging and versioning — visibility and recovery readiness
- Hardening — least privilege, restricted policies, monitoring
Scenarios
Scenario walkthroughs for this lab will be added here over time.
Safety and ethics
Use only accounts and data you are authorized to assess.