Sunday, 30 August 2015

S3: How to protect my storage from many file uploads by authorised users

As part of a mobile-server application, we wanted users to upload images directly to the S3 service instead of uploading them to the backend server, to alleviate the load on the backend and keep it more focused on its main function.

We set a restrictive policy on the AMI user (we are using one AMI user for all mobile users, is that OK?) who is allowed to upload to a certain bucket. The question is: in case of stolen access and secret keys, how can I prevent the attacker from arbitrarily uploading images to fill my storage as a way of harming my service?

What techniques/strategies should I follow to better protect my account?
