Review Our AWS Security

[dcollie2]

The training materials are proprietary materials provided under the condition that they are not distributed outside of our project. Our end users use an app on their phone to connect to the local Pi or minicomputer. The files are not exposed to end users except through those devices.

We need to review our AWS usage to make sure we are following proper best practices, particularly regarding anything that could grant access to the media files.

[dmitrytrager]

The very first measures we can take here:

1. Make sure private S3 bucket is used
2. Use dedicated IAM role, do not give full access to bucket
3. Use server side encryption for bucket: SSE-S3 (AES-256) or SSE-KMS (with AWS KMS keys)

@dcollie2 ^^

[dmitrytrager]

Next steps would be to check CORS rules, HTTPS using, validations etc