Hello.
Did you perform versioning settings or backup settings with AWS Backup on your S3 bucket?
If these settings are not made and objects in the S3 bucket are deleted, it will be impossible to restore them unless the original data is managed on a local PC.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html
https://docs.aws.amazon.com/aws-backup/latest/devguide/s3-backups.html
Also, never comply with the attacker's demands.
Your data will not be recovered even if you comply with the attacker's requests.
Also, identify IAM users used for unauthorized access from CloudTrail event history and delete them immediately.
https://repost.aws/knowledge-center/potential-account-compromise
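The CloudTrail review suggested in the answer above, as an added example that is not part of the original thread: it groups S3 destruction-related calls and IAM persistence-related calls by the principal that made them. The field names follow the CloudTrail record format; the records, user names, key IDs and addresses are constructed sample data, and `_rec` and `triage` are hypothetical helper names.

```python
from collections import defaultdict

# S3 calls to review after suspected data destruction. DeleteObject and
# DeleteObjects are data events (logged only if a trail captures them);
# the others are management events.
S3_EVENTS = {"DeleteObject", "DeleteObjects", "DeleteBucket", "PutBucketVersioning",
             "PutBucketLifecycle", "PutBucketPolicy", "DeleteBucketPolicy"}
# IAM calls that can indicate an intruder creating persistence.
IAM_EVENTS = {"CreateUser", "CreateAccessKey", "AttachUserPolicy"}

def _rec(time, source, name, user, key, ip):
    """Build a constructed record using CloudTrail's field names."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "accessKeyId": key,
                             "arn": f"arn:aws:iam::111122223333:user/{user}"}}

# Constructed sample data, not taken from the thread.
SAMPLE = [
    _rec("2024-01-05T02:11:09Z", "s3.amazonaws.com", "PutBucketVersioning", "app-deploy", "AKIAIOSFODNN7EXAMPLE", "203.0.113.10"),
    _rec("2024-01-05T02:14:40Z", "s3.amazonaws.com", "DeleteBucket", "app-deploy", "AKIAIOSFODNN7EXAMPLE", "203.0.113.10"),
    _rec("2024-01-05T08:30:00Z", "s3.amazonaws.com", "ListBuckets", "analyst", "AKIAI44QH8DHBEXAMPLE", "198.51.100.7"),
    _rec("2024-01-05T02:16:02Z", "iam.amazonaws.com", "CreateAccessKey", "app-deploy", "AKIAIOSFODNN7EXAMPLE", "203.0.113.10"),
]

def triage(records):
    """Group flagged events by the ARN of the principal that made the call."""
    findings = defaultdict(lambda: {"events": [], "access_keys": set(), "source_ips": set()})
    for rec in records:
        source, name = rec.get("eventSource"), rec.get("eventName")
        if not ((source == "s3.amazonaws.com" and name in S3_EVENTS)
                or (source == "iam.amazonaws.com" and name in IAM_EVENTS)):
            continue
        ident = rec.get("userIdentity", {})
        entry = findings[ident.get("arn", "unknown")]
        entry["events"].append((rec.get("eventTime"), name))
        if ident.get("accessKeyId"):
            entry["access_keys"].add(ident["accessKeyId"])
        if rec.get("sourceIPAddress"):
            entry["source_ips"].add(rec["sourceIPAddress"])
    return {arn: {"events": f["events"], "access_keys": sorted(f["access_keys"]),
                  "source_ips": sorted(f["source_ips"])} for arn, f in findings.items()}

if __name__ == "__main__":
    for arn, f in triage(SAMPLE).items():
        print(arn, f["access_keys"], f["source_ips"], f["events"])
```

Each ARN and access key ID in the output is a candidate for key deactivation and credential rotation; object-level deletes will be absent from the results if data-event logging was not enabled before the incident.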
First and foremost, don't listen to bad actors as data wouldn't be recovered regardless. Start following the best practices to secure your AWS account and resources.
As mentioned above, there are some S3 bucket best practices one must follow, and a couple of them I'd like to highlight here:
- Enable Versioning and have backups
- Bucket policy must be strict enough; even if someone gets into the account, he/she should not have delete access (some sort of DenyAllExcept)
Reference for making your account and resources more secure: