Amazon S3 Weekly — 2026-06, Week 22
Editor’s Note
This week’s coverage centers on a theme that surfaces repeatedly in operational security reviews: the gap between what infrastructure-as-code tooling makes easy and what it makes safe. A community research project has put a sharp point on credential exposure risks in S3-hosted Terraform state, while AWS’s ongoing audit logging series offers a counterweight — concrete guidance on how to instrument S3 environments for visibility and accountability.
Security and Compliance
Live AWS Credentials Found in Publicly Accessible Terraform State Files
A community researcher scanning publicly accessible S3 buckets identified 900 that were exposing Terraform state files; of those, 41 contained live AWS credentials. The finding is a direct consequence of two compounding misconfigurations: buckets left without adequate access controls, and state files stored without server-side encryption. For teams using S3 as a Terraform remote backend, the implication is straightforward — access policies, bucket policies, and encryption at rest are not optional hygiene. They are the primary barrier between a routine infrastructure workflow and a full credential compromise. Read the full research.
Worth Reading
- Amazon S3 Audit Logging Part 2: Centralized Logging and Analysis of S3 Data Events in AWS CloudTrail — AWS guidance on aggregating and querying S3 data events through CloudTrail for security and compliance purposes.
- Amazon S3 Audit Logging Part 3: Analyzing S3 Metadata Journal Tables for Object Lifecycle Tracking — Covers how to use S3 metadata journal tables to reconstruct object lifecycle history, relevant for audit trails and forensic workflows.
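Once S3 data events are flowing into CloudTrail, the exposure described above becomes detectable rather than merely auditable after the fact. The following is an added example (not from the AWS series or the newsletter) of triage logic over S3 data-event records: it flags reads of `.tfstate` objects by principals outside an allow list, requests from principals in other accounts, and unauthenticated requests. The records are constructed and abridged to the fields used; the assumption that CloudTrail represents an anonymous S3 request with `accountId` of `ANONYMOUS_PRINCIPAL` and an empty `principalId` is mine, so verify it against your own trail before relying on that check.

```python
"""Triage CloudTrail S3 data events for suspicious state-file access (added example)."""
import json
from collections import Counter

STATE_SUFFIXES = (".tfstate", ".tfstate.backup")
READ_EVENTS = {"GetObject", "HeadObject"}

# Constructed sample records; account IDs and addresses are documentation ranges.
SAMPLE_RECORDS = [
    {   # CI user in our own account reads state over the expected path: benign
        "eventTime": "2026-06-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLECI",
                         "accountId": "111122223333",
                         "arn": "arn:aws:iam::111122223333:user/ci"},
        "requestParameters": {"bucketName": "example-tf-state", "key": "prod/terraform.tfstate"},
    },
    {   # Unauthenticated read of the same state object (assumed record shape)
        "eventTime": "2026-06-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "AWSAccount", "principalId": "", "accountId": "ANONYMOUS_PRINCIPAL"},
        "requestParameters": {"bucketName": "example-tf-state", "key": "prod/terraform.tfstate"},
    },
    {   # Deploy role uploads an asset to an unrelated bucket: benign
        "eventTime": "2026-06-01T10:06:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject", "sourceIPAddress": "203.0.113.11",
        "userIdentity": {"type": "AssumedRole", "principalId": "AROAEXAMPLE:build-42",
                         "accountId": "111122223333",
                         "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-42"},
        "requestParameters": {"bucketName": "example-assets", "key": "img/logo.png"},
    },
    {   # IAM user from a different account reads the state object
        "eventTime": "2026-06-01T10:09:00Z", "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject", "sourceIPAddress": "192.0.2.55",
        "userIdentity": {"type": "IAMUser", "principalId": "AIDAEXAMPLEOTHER",
                         "accountId": "444455556666",
                         "arn": "arn:aws:iam::444455556666:user/someone"},
        "requestParameters": {"bucketName": "example-tf-state", "key": "prod/terraform.tfstate"},
    },
]


def is_anonymous(identity: dict) -> bool:
    # Assumption: unauthenticated requests carry accountId ANONYMOUS_PRINCIPAL
    # and an empty principalId.
    return identity.get("accountId") == "ANONYMOUS_PRINCIPAL" or identity.get("principalId") == ""


def is_state_object(key: str) -> bool:
    return key.endswith(STATE_SUFFIXES)


def classify(record: dict, account_id: str, state_readers: set[str]) -> list[str]:
    """Return the list of reasons a record is suspicious (empty if none)."""
    reasons: list[str] = []
    if record.get("eventSource") != "s3.amazonaws.com":
        return reasons
    ident = record.get("userIdentity", {})
    key = (record.get("requestParameters") or {}).get("key", "")
    if is_anonymous(ident):
        reasons.append("anonymous-principal")
    elif ident.get("accountId") != account_id:
        reasons.append("cross-account-principal")
    if (record.get("eventName") in READ_EVENTS and is_state_object(key)
            and ident.get("arn") not in state_readers):
        reasons.append("state-file-read-by-unlisted-principal")
    return reasons


def triage(records: list[dict], account_id: str, state_readers: set[str]) -> list[dict]:
    """Reduce a batch of records to alerts with the context an analyst needs."""
    alerts = []
    for rec in records:
        reasons = classify(rec, account_id, state_readers)
        if reasons:
            params = rec.get("requestParameters") or {}
            alerts.append({
                "eventTime": rec.get("eventTime"), "eventName": rec.get("eventName"),
                "bucket": params.get("bucketName"), "key": params.get("key"),
                "sourceIPAddress": rec.get("sourceIPAddress"),
                "principal": rec.get("userIdentity", {}).get("arn") or "anonymous",
                "reasons": reasons,
            })
    return alerts


def summarize(alerts: list[dict]) -> Counter:
    """Count alerts per reason, e.g. for a daily roll-up."""
    return Counter(r for a in alerts for r in a["reasons"])


if __name__ == "__main__":
    allowed = {"arn:aws:iam::111122223333:user/ci"}
    found = triage(SAMPLE_RECORDS, "111122223333", allowed)
    print(json.dumps(found, indent=2))
    print(dict(summarize(found)))
```

In practice the allow list of state readers is small (the CI identity and a handful of operators), which is what makes this rule low-noise: any `GetObject` on a `.tfstate` key from outside that set deserves a look, and an anonymous one means the bucket policy has already failed.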