Skip to content


IAM policy mishaps: Case 1 - S3

Continuing with the series of posts related to IAM misconfigurations, we are going to delve a bit into its use focused on the AWS S3 service.

To do this, we will look at the different ways we can control the security of the service and how dangerous it is to apply a policy without clearly understanding what it does.


If you want to directly try the examples we are going to present, take a look at our repo .

We have prepared different scenarios in Terraform .