
:wave: I'm the author of the post! Anyone have any IAM horror stories of their own? Or examples of amazing IAM policies that really show their power?


I continue to be surprised by the so-called "S3 Bucket Negligence Award" which feels like the intersection of IAM and S3 configuration ugliness that results in so many public horror stories like:

- https://www.upguard.com/breaches/attunity-data-leak
- https://www.lastweekinaws.com/newsletter/reinforce-meant-lea...


It's hard to get it right, though that's not to shift blame away from those who spilled info about others because they couldn't figure out how to lock buckets and objects down.

One way is to scaffold in bucket policies that ensure data is always: encrypted at rest, encrypted in transit, and locked down so objects can't be public. People can override these if needed, but because these settings are the default most people don't know about them or know how to set them up.

At Stackery we always scaffold in S3 Buckets with these settings in place, while giving you the ability to check boxes to turn on website hosting or allow contents to be publicly available. That helps ensure people configure things right the first time and every time!
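As an added illustration (not code from the comment above or from Stackery's product), here is a bucket policy expressing the three guardrails the comment lists, plus a small evaluator of its Deny conditions; the bucket name, the sample requests, and the evaluator's simplified matching (action and condition only, no resource or identity-policy evaluation) are assumptions made for the example.

```python
# Constructed example: the three guardrails as bucket-policy Deny statements,
# and a minimal evaluator so the effect of each statement can be checked offline.
def guardrail_policy(bucket: str) -> dict:
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # encrypted in transit: refuse any request not made over TLS
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny", "Principal": "*", "Action": "s3:*",
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # encrypted at rest: refuse uploads that omit the SSE header
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
            {   # not public: refuse uploads that request a public canned ACL
                "Sid": "DenyPublicAcl",
                "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"StringEquals": {"s3:x-amz-acl": [
                    "public-read", "public-read-write", "authenticated-read"]}},
            },
        ],
    }

def _condition_matches(op: str, kv: dict, ctx: dict) -> bool:
    """Model only the operators used above: Bool, Null, StringEquals."""
    for key, want in kv.items():
        have = ctx.get(key)                      # None means the key is absent
        wants = want if isinstance(want, list) else [want]
        if op == "Bool" and str(have).lower() not in [w.lower() for w in wants]:
            return False
        if op == "Null" and (have is None) != (wants[0] == "true"):
            return False
        if op == "StringEquals" and have not in wants:
            return False
    return True

def denied_by(policy: dict, action: str, ctx: dict):
    """Return the Sid of the first Deny statement matching the request, else None."""
    for st in policy["Statement"]:
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        hit = any(a == action or (a.endswith("*") and action.startswith(a[:-1]))
                  for a in acts)
        if st["Effect"] != "Deny" or not hit:
            continue
        if all(_condition_matches(op, kv, ctx) for op, kv in st["Condition"].items()):
            return st["Sid"]
    return None
```

The ACL statement only covers ACLs set at upload time, so in practice it is paired with S3 Block Public Access rather than used on its own.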


stackery.io | Portland, OR | Onsite | Full-Time | Senior Frontend Engineer (ReactJS)

At Stackery we’re building the first ops solution for serverless infrastructures. We help our customers design, deploy, and monitor their infrastructure built on top of cloud infrastructure providers like AWS Lambda and Azure Functions.

The Stackery dashboard helps our customers build serverless apps. We are looking for a frontend engineer who can help us take our dashboard to the next level.

See full job description at https://www.stackery.io/jobs/senior-frontend-engineer-06-201...

Apply by sending your resume to workwithus@stackery.io


Yeah, I've been researching Express, too. It's pretty straightforward as well. Expect a blog post on that shortly :).

