• Echo Dot@feddit.uk
      1 day ago

      Yeah I could see it being left like this for an hour or so while someone finds out what the actual security configurations are supposed to be, during which time it wouldn’t have any data in it. But to leave it like this for any period of time is ridiculous and to release it like this is criminal.

    • FauxLiving@lemmy.world
      2 days ago

      It’s not great, but it’s an acceptable kludge if you’re the one holding everyone back and you can’t figure out the problem immediately. Set it to public, let the devs get to work and research the problem until you find a real solution.

      The test environment data should be generic so if someone were to discover the bucket they’ll get some pictures of cats and a bunch of people who live at 12345 anywhere street.

      • gravitas_deficiency@sh.itjust.works
        2 days ago

        It’s a bad idea to leave your S3 perms wide open, because then anyone can use your S3 bucket for whatever reason they want, and it’ll hit your wallet. And if they can’t figure out basic IAM and ACLs, I’m also betting they can’t figure out “requester pays”.

      • blargh513@sh.itjust.works
        2 days ago

        What? No, this is a horrible practice.

        If you can’t figure out how to set identity-based ACLs you shouldn’t be working in technology! Oh I’ll just set this shit to any/any and figure out later. FUCK ANYONE WHO DOES THIS IN THEIR LEFT EAR.