Comment by SOLAR_FIELDS

Comment by SOLAR_FIELDS 5 days ago

2 replies

View on Hacker News

What? The same is possible whether it's opt-in or opt-out. It's just that if you have the gateway as opt-out you wouldn't also have this problem AND a massive AWS bill. You would just have this problem.

Spivak 5 days ago

The bad situation is if you created a VPC with no internet access but the hypothetical automatic VPC endpoint still let instances access S3. Then a compromised instance has a vector for data exfiltration.

Reply View 0 replies
icedchai 5 days ago

No, with opt-in the VPC subnet is secure by default. Someone has to explicitly allow access to S3 (or anything else.)

Reply View 0 replies