Locking Down Your S3 Buckets With Terraform

Every time I hear about a company’s critical data being left exposed on the internet, I start thinking about my S3 buckets. I recently started creating some buckets with Terraform and realized acl = "private" isn’t as private as we would like. With that setting it’s still possible for objects to be put into the bucket with less restrictive ACLs. You know you only have "private" set when you see the text “Objects can be public” next to the bucket in the console.

To lock down your bucket, you’ll want to use the aws_s3_bucket_public_access_block resource. The full details can be found in the AWS S3 Block Public Access documentation. Here’s a full Terraform example:

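resource "aws_s3_bucket" "private-bucket" {
  bucket = "private-bucket-sample"
  acl    = "private"
}

resource "aws_s3_bucket_public_access_block" "private-bucket-public-access-block" {
  bucket = aws_s3_bucket.private-bucket.id

  # Reject PUT requests that try to set a public ACL on the bucket or its objects
  block_public_acls = true
  # Reject bucket policies that would grant public access
  block_public_policy = true
  # Ignore any public ACLs already present on the bucket or its objects
  ignore_public_acls = true
  # If a public policy exists, limit access to AWS service principals and
  # authorized users in the bucket owner's account
  restrict_public_buckets = true
}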

When you’ve applied that block, you should see “Bucket and objects not public” next to your bucket in the console.
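A pre-apply check for the configuration above, added here as an example and not part of the original post: it reads the configuration section of a plan exported with `terraform show -json` and lists every aws_s3_bucket in the root module that has no public access block with all four flags set to a literal true. The sample plan is constructed, the `logs` and `assets` buckets are hypothetical, and it assumes each block references its bucket the way the post does (`aws_s3_bucket.<name>.id`).

```python
import json

FLAGS = ("block_public_acls", "block_public_policy",
         "ignore_public_acls", "restrict_public_buckets")

# Constructed sample shaped like the "configuration" section of
# `terraform show -json <planfile>`; "logs" and "assets" are made-up buckets.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_s3_bucket.private-bucket", "type": "aws_s3_bucket", "expressions": {}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "expressions": {}},
  {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket", "expressions": {}},
  {"address": "aws_s3_bucket_public_access_block.private-bucket-public-access-block",
   "type": "aws_s3_bucket_public_access_block",
   "expressions": {
     "bucket": {"references": ["aws_s3_bucket.private-bucket.id",
                               "aws_s3_bucket.private-bucket"]},
     "block_public_acls": {"constant_value": true},
     "block_public_policy": {"constant_value": true},
     "ignore_public_acls": {"constant_value": true},
     "restrict_public_buckets": {"constant_value": true}}},
  {"address": "aws_s3_bucket_public_access_block.logs",
   "type": "aws_s3_bucket_public_access_block",
   "expressions": {
     "bucket": {"references": ["aws_s3_bucket.logs.id", "aws_s3_bucket.logs"]},
     "block_public_acls": {"constant_value": true},
     "block_public_policy": {"constant_value": true},
     "ignore_public_acls": {"constant_value": false}}}
]}}}
""")

def audit(plan):
    """Return {bucket address: [flags not provably true]} for the root module."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    # Start by assuming every bucket lacks all four protections.
    findings = {r["address"]: list(FLAGS)
                for r in resources if r["type"] == "aws_s3_bucket"}
    for r in resources:
        if r["type"] != "aws_s3_bucket_public_access_block":
            continue
        expr = r.get("expressions", {})
        # Only a literal true counts: omitted flags default to false, and
        # variable-driven values cannot be verified from the plan alone.
        weak = [f for f in FLAGS if expr.get(f, {}).get("constant_value") is not True]
        for ref in expr.get("bucket", {}).get("references", []):
            if ref in findings:
                findings[ref] = weak
    return {addr: weak for addr, weak in findings.items() if weak}
```

Buckets declared inside child modules are not walked by this sketch, so a clean result only covers the root module.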

If you need public access to your S3 objects, use CloudFront or maybe signed URLs. If you really must have public S3 objects, I would suggest moving that data to a separate AWS account. It’s pretty easy to manage multiple AWS accounts these days and having a separate account for your public bucket makes a lot of sense.

The iPhone Switch

I’ve been using my iPhone XS for about 3 weeks now after my hellish Google support experience. So far the transition has been mostly painless. Here’s what I’m enjoying from the hardware side of things.

Battery Life

There’s a Google billboard off the 101 on your way out of San Francisco where Google claims the Pixel 3’s battery life is superior to the iPhone XS. My experience has been quite the opposite. I would typically get range anxiety with my Pixel 3 if I was going to have it away from a charger for a full day. My iPhone XS has been lasting about 1.5 days with typical usage before I get to around 30% remaining.

Bluetooth

I’m not sure how they do it but all my Bluetooth devices sound better connected to my iPhone than they did with any of my Pixels. They connect quickly and I rarely get any dropouts even with the phone in my front pocket (i.e. my body between the phone and my headphones). I also have a Wahoo Tickr heart rate monitor and that connected right away with Strava. I can’t believe Google makes this seem so hard.

Face ID

I’ve been using fingerprint readers on my phones since the Nexus 6P and I’ve found them to work pretty well. I was a little surprised the iPhone XS didn’t have a fingerprint reader and I wasn’t sure what to think about using my face to unlock my phone. According to Apple, “Face ID data doesn’t leave your device and is never backed up to iCloud or anywhere else.” I’m not willing to give my face to the government but I am willing to trust Apple (at least for now) when they say my data is staying on the device.

So far the results have been pretty impressive: it picks up my face when I’m looking at the front of the phone but (more importantly to me) it doesn’t pick it up when I’ve got my sunglasses on or if I’m looking away. It even works well in low-light situations. I experimented with tuning down the security level by turning off the attention awareness. It works as advertised but I prefer the added level of security that the attention awareness offers.

Camera

I haven’t taken a load of pictures but the few I have taken have turned out well enough. I took this shot six miles into the Bridge to Bridge run and yet it’s still crisp and looks like I had a steady hand (I didn’t!).

Fort Point during the Bridge to Bridge Run

By most standards, the quality should be phenomenal, but the Pixel camera was pretty good… when it worked. That’s the important thing: I haven’t had the iPhone camera fail on me once when I wanted to pop off a shot. Even before my recent debacle with Google, the Pixel camera was somewhat unreliable.

Conclusions

I’m pretty happy with my switch to the iPhone. Aside from the dent in the wallet, it has been a pretty smooth transition for a decade-long Android user.