July 3, 2026
With Great Access Comes Great Responsibility
Access control is the most boring topic in tech, right up until one bad setting leaks thousands of people’s private data. AWS S3 makes…

By Has
1 min read
Access control is the most boring topic in tech, right up until one bad setting leaks thousands of people's private data. AWS S3 makes storage effortless, and that ease can quietly hide risk. A single bucket can hold screenshots, documents, logs, backups, and personal records, and the danger begins the moment an app gets more access than it actually needs.
Here's a real-world flavor of how it happens. An online entrance exam required candidates to install a monitoring app. During the exam, the app quietly took screenshots and uploaded them to an S3 bucket. Think about what a screenshot can contain: your name, your email, open chats, browser tabs, files sitting on your desktop. This is exactly the kind of data that demands airtight protection and it didn't get it.
The app only needed to do one thing, upload a screenshot to its own exam session folder. Instead, the credentials baked into it could list the entire bucket, read other candidates' screenshots, and even modify or delete files. A simple upload feature had become a master key to everyone's private data. This is the classic failure of least privilege, the principle that every app should get exactly the access its job requires, and nothing more.
Some teams try to patch this problem with obfuscation, i.e bury the AWS credentials deep in the binary and hope nobody looks. But once your app runs on a user's machine, its secrets are effectively public. Obfuscation slows down a curious researcher by an afternoon, and it fixes nothing underneath.
Secret rotation helps more. Keys leak through code, logs, builds, and binaries all the time, and rotating them regularly limits the blast radius after exposure. But rotation can't save a system where the leaked key has full bucket access.
The real fix isn't exotic. The backend should verify each exam session and issue a scoped, temporary token that can write to one assigned path and nothing else. The bucket should block public access entirely, every candidate should get a separate path with rules preventing anyone from reading someone else's data, and logging with alerts should catch unusual reads, deletes, or mass access before they become headlines.
Notice what's missing from that design? Reliance on the app staying secret. Someone will eventually inspect the binary, and a well-built system stays safe even after its client is fully reverse-engineered. That is the real test of security. Not how well you hide, but how little a discovered secret can do.
With great access comes great responsibility. In AWS, that responsibility comes down to a few simple habits, limit permissions to the bare minimum, rotate your secrets, never ship powerful keys in client apps, log everything sensitive, and treat every S3 bucket as if it holds private data. Because one day, it will.