undefined | Better HN

0 pointsSOLAR_FIELDS7mo ago0 comments

The problem is that the default behavior for this is opt-in, rather than opt-out. No one prefers opt-in. So why is it opt-in?

0 comments

icedchai7mo ago

If it were opt-out someone would accidentally leave it on and eventually realize that entire systems had been accidentally "backed up" and exfiltrated to S3.

SOLAR_FIELDSOP7mo ago

What? The same is possible whether it's opt-in or opt-out. It's just that if you have the gateway as opt-out you wouldn't also have this problem AND a massive AWS bill. You would just have this problem.

Spivak7mo ago

The bad situation is if you created a VPC with no internet access but the hypothetical automatic VPC endpoint still let instances access S3. Then a compromised instance has a vector for data exfiltration.

icedchai7mo ago

No, with opt-in the VPC subnet is secure by default. Someone has to explicitly allow access to S3 (or anything else.)

otterley7mo ago

AWS VPCs are secure by default, which means no traffic traverses their boundaries unless you intentionally enable it.

SOLAR_FIELDSOP7mo ago

"The door is locked, so instead of suggesting to the end user that they should unlock the door with this key that we know how to give the end user deterministically, we instead tell them to drive across town and back on our toll roads and collect money from it"

This has been a common gotcha for over a decade now: https://www.lastweekinaws.com/blog/the-aws-managed-nat-gatew...

otterley7mo ago

Speaking solely on my own behalf: I don't know a single person at AWS (and I know a lot of them) who wants to mislead customers into spending more money than they need to. I remember a time before Gateway Endpoints existed, and customers (including me at the time) were spending tons of money passing traffic through pricey NAT Gateways to S3. S3 Gateway Endpoints saved them money.

1 more reply

j / k navigate · click thread line to collapse

0 comments

icedchai7mo ago

If it were opt-out someone would accidentally leave it on and eventually realize that entire systems had been accidentally "backed up" and exfiltrated to S3.

SOLAR_FIELDSOP7mo ago

Spivak7mo ago

icedchai7mo ago

No, with opt-in the VPC subnet is secure by default. Someone has to explicitly allow access to S3 (or anything else.)

otterley7mo ago

AWS VPCs are secure by default, which means no traffic traverses their boundaries unless you intentionally enable it.

SOLAR_FIELDSOP7mo ago

This has been a common gotcha for over a decade now: https://www.lastweekinaws.com/blog/the-aws-managed-nat-gatew...

otterley7mo ago

1 more reply

j / k navigate · click thread line to collapse