
Predictable AWS cloud deployment assets permit full account takeover

S3 bucket name-squatting

CDK is AWS' open-source framework that organizations use to define their infrastructure as code (IaC), the practice of provisioning and managing computing resources with code rather than configuring physical hardware manually, using programming languages such as Python, TypeScript, or JavaScript.

To use the AWS CDK, users must first bootstrap their environment to prepare it for CDK stack deployments. CDK bootstrapping generates a CloudFormation template that deploys the essential infrastructure components, including access roles, configurations, policies, and an S3 staging bucket.

The staging S3 bucket it creates follows a specific naming pattern: cdk-{qualifier}-assets-{account-ID}-{Region}. The problem stems from the fact that users running the CDK bootstrap command rarely customize the "qualifier," which AWS defaults to "hnb659fds." Because AWS account IDs and Region names are not secret, anyone who knows a target's account ID can predict the bucket name for each Region, which is what makes name-squatting possible.
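The naming rule above, as an added example (not code from the article or from AWS): it derives the staging bucket name for an account and Region, precomputes the names an attacker could guess for a target account, and audits a bucket listing for buckets still using the default qualifier. The account IDs, the custom qualifier and the bucket listing are constructed samples.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Qualifier the AWS CDK uses when `cdk bootstrap` is run without --qualifier.
DEFAULT_QUALIFIER = "hnb659fds"

# Shape of the staging bucket name: cdk-{qualifier}-assets-{account-ID}-{Region}.
# The qualifier is lowercase alphanumeric (CDK caps it at 10 characters);
# account IDs are 12 digits; Regions look like us-east-1 or us-gov-west-1.
_BUCKET_RE = re.compile(
    r"^cdk-(?P<qualifier>[a-z0-9]{1,10})-assets-"
    r"(?P<account>\d{12})-(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)$"
)


@dataclass(frozen=True)
class StagingBucket:
    name: str
    qualifier: str
    account: str
    region: str

    @property
    def predictable(self) -> bool:
        """True when the bucket name can be derived from public information alone."""
        return self.qualifier == DEFAULT_QUALIFIER


def default_bucket_name(account_id: str, region: str,
                        qualifier: str = DEFAULT_QUALIFIER) -> str:
    """Name the bootstrap stack gives the staging bucket for this account/Region."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are 12 digits")
    return f"cdk-{qualifier}-assets-{account_id}-{region}"


def parse_bucket_name(name: str) -> Optional[StagingBucket]:
    """Return the bucket's parts if it matches the CDK staging pattern, else None."""
    m = _BUCKET_RE.match(name)
    if not m:
        return None
    return StagingBucket(name, m["qualifier"], m["account"], m["region"])


def candidate_names(account_id: str, regions: Iterable[str]) -> List[str]:
    """What an attacker can precompute for a target account: one name per Region."""
    return [default_bucket_name(account_id, r) for r in regions]


def audit(bucket_names: Iterable[str]) -> List[StagingBucket]:
    """Defender's check: CDK staging buckets in a listing that use the default qualifier."""
    return [b for b in (parse_bucket_name(n) for n in bucket_names)
            if b is not None and b.predictable]


# Constructed sample of what `aws s3 ls` might return for one account.
SAMPLE_BUCKETS = [
    "cdk-hnb659fds-assets-123456789012-us-east-1",   # default qualifier: predictable
    "cdk-hnb659fds-assets-123456789012-eu-west-1",   # default qualifier: predictable
    "cdk-x7k2p9q1m-assets-123456789012-us-east-1",   # custom qualifier (constructed)
    "my-app-logs-123456789012",                      # not a CDK staging bucket
]

if __name__ == "__main__":
    for b in audit(SAMPLE_BUCKETS):
        print(f"default qualifier still in use: {b.name} ({b.region})")
    print("attacker can precompute:",
          candidate_names("210987654321", ["us-east-1", "us-west-2"]))
```

To avoid the predictable name, pass a custom value with `cdk bootstrap --qualifier <value>` and configure the same value for the app (the `@aws-cdk/core:bootstrapQualifier` context key in `cdk.json`, or the `qualifier` property of `DefaultStackSynthesizer`) so deployments look for the bucket that was actually created.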
