S3 Bucket Namesquatting - Abusing predictable S3 bucket names – One Cloud Please

No worries! Security is our number one priority (even S3 naming), and so it was well worth it to tighten up the hatches. In this case you:

  • Exposed an interesting part of S3 that most service teams don't run into on a regular basis.
  • Gave us a playground to grow, since it seems you were not using the S3 buckets.

In Lambda's case, due to the genericness of the name of the bucket, anyone can incidentally snipe our buckets and it was just like "oh... what if this is a real customer? It would be super uncool if I was hosting a website in an S3 bucket and Lambda came in and took my bucket because it had their name convention". You gave us some good learnings and a better system overall where we will never do that scenario, in a fun way that didn't harm anything. Win-win, and well worth the time spent.

/r/aws thread - onecloudplease.com