Generate an S3 bucket name that is hard to guess, to mitigate the DoS billing attack discussed in the article and thread referenced below.
s3-bucket-name-generator.sh [ -t ]
- -t
- Enforce S3 bucket name restriction when using Amazon S3 Transfer Acceleration, that is, no dots (.) allowed.
References:
How an empty S3 bucket can make your AWS bill explode | by Maciej Pocwierz | Apr, 2024 | Medium
How an empty S3 bucket can make your AWS bill explode | Hacker News
Bucket naming rules - Amazon Simple Storage Service
Using Password Strength Tester with a randomly selected password generated by this tool, we can roughly expect about 290 entropy bits by Claude Shannon's method of calculation, and 370 entropy bits by the trigraph method. 60-70 entropy bits is generally considered very strong, so this should be sufficient until cloud providers deliver a stronger defense.
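The naming constraints described above, including the no-dots restriction that -t enforces, can be checked mechanically. The following is an added example and not this project's s3-bucket-name-generator.sh: it draws from /dev/urandom instead of makepasswd(1), and the function names, the "nodots" argument and the subset of bucket naming rules it checks are assumptions of the example.

```sh
# Added example; NOT the project's s3-bucket-name-generator.sh.
# Function names and the subset of naming rules checked are assumptions.
LC_ALL=C; export LC_ALL   # make a-z mean ASCII lowercase only

# is_valid_bucket_name NAME [nodots]: 0 if NAME passes the rules checked
# here; "nodots" adds the Transfer Acceleration restriction (like -t).
is_valid_bucket_name() {
    name=$1
    [ "${#name}" -ge 3 ] && [ "${#name}" -le 63 ] || return 1
    case $name in
        *[!a-z0-9.-]*) return 1 ;;          # lowercase, digits, '.', '-' only
        [!a-z0-9]*|*[!a-z0-9]) return 1 ;;  # begin and end with letter/digit
        *..*) return 1 ;;                   # no two adjacent periods
        xn--*|sthree-*) return 1 ;;         # reserved prefixes
        *-s3alias|*--ol-s3) return 1 ;;     # reserved suffixes
    esac
    # Must not be formatted like an IPv4 address.
    if printf '%s\n' "$name" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
        return 1
    fi
    if [ "${2:-}" = nodots ]; then
        case $name in *.*) return 1 ;; esac
    fi
    return 0
}

# random_chars SET COUNT: COUNT characters drawn uniformly from the tr(1)
# SET by discarding every /dev/urandom byte that falls outside it.
random_chars() {
    out=
    while [ "${#out}" -lt "$2" ]; do
        out=$out$(head -c 1024 /dev/urandom | tr -dc "$1")
    done
    printf '%s\n' "$out" | cut -c "1-$2"
}

# generate_bucket_name [nodots]: maximum-length (63) random name; a
# candidate that breaks a rule (e.g. "..") is discarded and redrawn.
generate_bucket_name() {
    if [ "${1:-}" = nodots ]; then mid='a-z0-9-'; else mid='a-z0-9.-'; fi
    while :; do
        cand=$(random_chars a-z0-9 1)$(random_chars "$mid" 61)$(random_chars a-z0-9 1)
        if is_valid_bucket_name "$cand" "${1:-}"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
}
generate_bucket_name "${1:-}"   # pass "nodots" for Transfer Acceleration
```

The validator can also be run on its own against a name chosen by hand; the full, current rule list is on the AWS bucket naming rules page referenced above.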
Requires the makepasswd(1) tool from khorben/makepasswd, which generates (pseudo-)random passwords of a desired length and is available in many Linux distributions.
In Red Hat Enterprise Linux, CentOS, Rocky Linux, Fedora and distributions that use dnf:
sudo dnf install makepasswd
In Debian, Ubuntu, Mint, Elementary OS and distributions that use apt-get:
sudo apt-get install makepasswd
In Arch Linux, Manjaro and distributions that use pacman:
sudo pacman -S makepasswd
As of April 2024, we could not find makepasswd in NixOS packages searching at:
https://search.nixos.org/packages?channel=23.11&from=0&size=50&sort=relevance&type=packages&query=makepasswd
Under NixOS, makepasswd(1) might need to be built and packaged from source. We opened Issue NixOS/nixpkgs#308030 requesting packaging of makepasswd(1). makepasswd was also not found in Homebrew at https://formulae.brew.sh/.
Copy s3-bucket-name-generator.sh to your computer, set execute permission bits with chmod u+x s3-bucket-name-generator.sh, and execute it with ./s3-bucket-name-generator.sh. We expect this attack vector will be mitigated relatively promptly, so we didn't bother packaging the script for easier installation, but we welcome Pull Requests that implement the packaging if others submit them.