-
Notifications
You must be signed in to change notification settings - Fork 0
/
E4T4.txt
16 lines (8 loc) · 998 Bytes
/
E4T4.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# What additional architectural change can be made to reduce the internet facing attack surface of the web application instance.
**Either remove the public facing ipv4 or specify SSH for certain approved IP addressess.
# Assuming the IAM permissions for the S3 bucket are still insecure, would creating VPC private endpoints for S3 prevent the unauthorized access to the secrets bucket.
**No VPC endpoints would not stop unauthorized access to the secret.txt if the IAM permissions are still insecure.
# Will applying default encryption setting to the s3 buckets encrypt the data that already exists?
**No, applying default encryption will not encrypt all the existing files. You would need to go back and encrypt those files and then delete the older ones for security reason.
# What would happen if the original cloud formation templates are applied to this environment.
**The same code would be invoked, and all the security risks that were identified will again come back in the setup.