There have been recent media reports about attackers obtaining AWS credentials for S3 bucket access and encrypting bucket contents for ransom. Please review this blog https://aws.amazon.com/blogs/security/p ... s3-objects and implement the relevant steps to avoid this problem.
Step 1 does not currently apply to VBR, although periodic key rotation is a best practice.
Step 2 works in conjunction with Veeam’s immutability feature (checkbox on the repository). Do not enable S3 Lifecycle Policies on Veeam repositories.
Step 3, monitoring resources, is a best practice for Veeam environments.
Implement step 4 by modifying IAM to block encryption on buckets used for Veeam backup repositories. The example resource policy is reproduced here.
Code:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RestrictSSECObjectUploads",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::<your-bucket-name>/*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption-customer-algorithm": "false"
        }
      }
    }
  ]
}
These changes are simple and can protect you from this attack vector. Also, enabling object lock/immutability is a best practice for repositories storing critical or sensitive data.
William Quigley - AWS
Statistics: Posted by wjquigs — Apr 16, 2025 2:43 pm
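The following is an added example, not code from the post above, from Veeam or from the AWS blog. It builds the SSE-C deny policy for a bucket name and runs a few constructed PutObject requests through a small hand-written evaluator that models only the pieces of IAM this policy uses (Action/Resource wildcards and the Null condition operator), to make the one subtle point visible: "Null": {...: "false"} matches when the condition key is PRESENT on the request, so the Deny fires only for uploads that carry the SSE-C algorithm header and leaves SSE-S3/SSE-KMS uploads, reads, and other buckets alone. The bucket name, object key and request headers are made up; the evaluator is not the real IAM engine, and "not blocked" means only that this bucket policy does not deny the call (identity policies still decide whether it is allowed).

```python
"""Added example: build the SSE-C deny bucket policy and check which
constructed upload requests it blocks, using a toy policy evaluator."""
import fnmatch
import json

# Condition key populated by S3 when a request carries the SSE-C
# x-amz-server-side-encryption-customer-algorithm header.
SSEC_HEADER = "s3:x-amz-server-side-encryption-customer-algorithm"


def build_ssec_deny_policy(bucket: str) -> dict:
    """Return the bucket policy from the post, filled in for `bucket`.

    The Null operator with value "false" matches when the key is present,
    so this Deny only hits PutObject calls that use SSE-C (customer keys).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "RestrictSSECObjectUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {"Null": {SSEC_HEADER: "false"}},
            }
        ],
    }


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to list."""
    return value if isinstance(value, list) else [value]


def _null_condition_matches(null_block: dict, context: dict) -> bool:
    """Evaluate an IAM 'Null' block: "true" = key absent, "false" = key present.

    All keys in the block must match (IAM ANDs keys within one operator).
    """
    for key, want in null_block.items():
        present = key in context
        if present == (want == "true"):  # "true" wants absent, "false" wants present
            return False
    return True


def is_denied(policy: dict, action: str, resource: str, context: dict) -> bool:
    """Constructed mini-evaluator: does any Deny statement match this request?

    Only what this policy needs is modelled (wildcards via fnmatch and the
    Null operator); any other condition operator raises rather than being
    silently ignored. This is NOT the real IAM evaluation engine.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        conditions = stmt.get("Condition", {})
        unsupported = set(conditions) - {"Null"}
        if unsupported:
            raise NotImplementedError(f"condition operators not modelled: {unsupported}")
        if "Null" in conditions and not _null_condition_matches(conditions["Null"], context):
            continue
        return True
    return False


# Constructed sample data (hypothetical bucket and key, not from the post).
BUCKET = "veeam-repo-example"
POLICY = build_ssec_deny_policy(BUCKET)
OBJECT_ARN = f"arn:aws:s3:::{BUCKET}/backups/chain.vbk"
REQUESTS = {
    "ssec_upload": {SSEC_HEADER: "AES256"},                         # ransom-style SSE-C
    "plain_upload": {},                                              # bucket default encryption
    "kms_upload": {"s3:x-amz-server-side-encryption": "aws:kms"},   # SSE-KMS, no SSE-C header
}


def classify_uploads(policy=POLICY, resource=OBJECT_ARN, requests=REQUESTS) -> dict:
    """Map each constructed PutObject request to DENIED / NOT_BLOCKED."""
    return {
        name: ("DENIED" if is_denied(policy, "s3:PutObject", resource, ctx) else "NOT_BLOCKED")
        for name, ctx in requests.items()
    }


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name, verdict in classify_uploads().items():
        print(f"{name:>13}: {verdict}")
```

Two practical points follow from the evaluation: the statement only governs new writes to this bucket's objects, so it complements rather than replaces Object Lock (which is what stops deletion or overwrite of the versions already on the repository), and because it keys on s3:PutObject it does not touch GetObject, so restores are unaffected. If you later add statements with other operators (StringEquals, Bool, ...), extend the evaluator or, better, test the real policy with the IAM policy simulator rather than this toy.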