Advancedcloud-security
The Open Bucket
A security scanner flagged an S3 bucket as publicly accessible. It contains customer invoices uploaded by the billing service. The bucket has been public for 3 weeks since a Terraform change removed the block_public_access setting. Legal needs to know the blast radius. The clock is ticking on a 72-hour GDPR breach notification.
INCOMING INCIDENT
$ incident --describe the-open-bucket
A security scanner flagged an S3 bucket as publicly accessible. It contains customer invoices uploaded by the billing service. The bucket has been public for 3 weeks since a Terraform change removed the block_public_access setting. Legal needs to know the blast radius. The clock is ticking on a 72-hour GDPR breach notification.
5
Decision Points
60s
Per Step
500
Max Score
300
Passing Score