
Generate an S3 bucket name that is hard to guess to mitigate DoS billing attack

automaticit-anthonyyen1/s3-bucket-name-generator

s3-bucket-name-generator

Generate an S3 bucket name that is hard to guess, to mitigate the DoS billing attack discussed in the article and thread listed under References below.

Usage

s3-bucket-name-generator.sh [ -t ]  

OPTION

-t
Enforce S3 bucket name restriction when using Amazon S3 Transfer Acceleration, that is, no dots (.) allowed.

References:
        How an empty S3 bucket can make your AWS bill explode | by Maciej Pocwierz | Apr, 2024 | Medium
        How an empty S3 bucket can make your AWS bill explode | Hacker News
        Bucket naming rules - Amazon Simple Storage Service

Running a randomly selected password generated by this tool through Password Strength Tester, we can expect roughly 290 bits of entropy by Claude Shannon's method of calculation and 370 bits by the trigraph method. 60-70 bits of entropy is generally considered very strong, so this should be sufficient until cloud providers deliver a stronger defense.

Requires the makepasswd(1) tool (khorben/makepasswd: "Makepasswd generates (pseudo-)random passwords of a desired length"), which is available in many Linux distributions.

In Red Hat Enterprise Linux, CentOS, Rocky Linux, Fedora and distributions that use dnf:

sudo dnf install makepasswd

In Debian, Ubuntu, Mint, Elementary OS and distributions that use apt-get:

sudo apt-get install makepasswd

In Arch Linux, Manjaro and distributions that use pacman:

sudo pacman -S makepasswd

As of April 2024, we could not find makepasswd in NixOS packages when searching at:
        https://search.nixos.org/packages?channel=23.11&from=0&size=50&sort=relevance&type=packages&query=makepasswd
Under NixOS, makepasswd(1) might need to be built and packaged from source. We opened issue NixOS/nixpkgs#308030 requesting packaging of makepasswd(1). It is also not found in Homebrew at https://formulae.brew.sh/.
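
Where makepasswd(1) is not packaged, the same idea can be demonstrated with only tr and head reading /dev/urandom. This is an added example, not the project's s3-bucket-name-generator.sh; the function names, the fixed 63-character length (the S3 maximum) and the `t` argument standing in for -t are assumptions.

```shell
#!/bin/sh
# Added example (not the project's script): random S3 bucket name from /dev/urandom.
# Byte-wise character ranges for tr and for the case patterns below.
LC_ALL=C; export LC_ALL

# is_valid_bucket_name NAME [t]: returns 0 if NAME passes the naming rules checked here.
is_valid_bucket_name() {
    name=$1
    [ "${#name}" -ge 3 ] && [ "${#name}" -le 63 ] || return 1
    case $name in
        *[!a-z0-9.-]*) return 1 ;;   # only lowercase letters, digits, dots, hyphens
        [.-]*|*[.-]) return 1 ;;     # must begin and end with a letter or digit
        *..*) return 1 ;;            # no two adjacent dots
        xn--*|sthree-*|amzn-s3-demo-*) return 1 ;;                  # reserved prefixes
        *-s3alias|*--ol-s3|*.mrap|*--x-s3|*--table-s3) return 1 ;;  # reserved suffixes
    esac
    # With Transfer Acceleration ("t"), dots are not allowed at all.
    if [ "$2" = t ]; then
        case $name in *.*) return 1 ;; esac
    fi
    return 0
}

# gen_bucket_name [t]: prints one 63-character random bucket name.
gen_bucket_name() {
    if [ "$1" = t ]; then chars='a-z0-9-'; else chars='.a-z0-9-'; fi
    while :; do
        # tr keeps only bytes in the allowed set, so each character is uniform over it.
        candidate=$(tr -dc "$chars" < /dev/urandom | head -c 63)
        # Rejection sampling: discard a candidate that breaks a rule and draw again.
        if is_valid_bucket_name "$candidate" "$1"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
}
```

Call `gen_bucket_name` for a general-purpose name or `gen_bucket_name t` for one usable with Transfer Acceleration.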

INSTALL

Download s3-bucket-name-generator.sh to your computer, set the execute permission bit with chmod u+x s3-bucket-name-generator.sh, and run it with ./s3-bucket-name-generator.sh. We expect this attack vector to be mitigated relatively promptly, so we didn't bother packaging the script for easier installation, but we welcome pull requests that implement packaging.
