Terraform code for Leverage Reference Architecture for AWS, designed under optimal configs for the most popular modern web and mobile applications needs.
According to this article, just knowing the name of a bucket, regardless of the bucket being private or public, issuing an unauthorized PUT request will charge the bucket owner.
At the moment, it seems that only making it difficult for attackers to know the bucket name is the only action we can take. That's why we suggest using a random suffix on the bucket name, which is one the recommendations the article makes.
Describe the Feature
According to this article, just knowing the name of a bucket, regardless of the bucket being private or public, issuing an unauthorized PUT request will charge the bucket owner.
At the moment, it seems that only making it difficult for attackers to know the bucket name is the only action we can take. That's why we suggest using a random suffix on the bucket name, which is one the recommendations the article makes.