In Chapter 7, Reconnaissance – Identifying Vulnerable S3 Buckets, we saw how we can create a vulnerable S3 bucket. It's time to perform those steps again. Let's start by going to Services | S3:
- Create a new bucket, name it, and then go to Set permissions
- Disable all the settings given in the following screenshot and create the bucket:
Setting permissions
- Go to the bucket's Access Control List and allow public read/write access:
Access Control List
- Save all the settings
Our vulnerable AWS infrastructure is ready. Next, we will configure and run Scout Suite and see how it can identify all the security misconfigurations that we have created.