
Yeah, that part is confusing. Since I posted the above, a few more details came out, but it seems like the WAF may have been involved because it wasn't configured to block requests to the IAM instance metadata endpoint, which would have allowed the attacker to operate in the scope of the instance, which seems to have had the S3 permissions. But again, entirely conjecture on my part at this point.
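
Added example, not part of the comment above: a Python sketch of the destination check a request-forwarding layer can apply so that targets in the link-local metadata range are refused before a request is sent on. The function names and sample URLs are constructed for illustration; 169.254.169.254 and fd00:ec2::254 are the documented EC2 instance metadata addresses.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges holding the EC2 instance metadata service:
# 169.254.169.254 (IPv4 link-local) and fd00:ec2::254 (IPv6).
BLOCKED_NETS = [
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("fd00:ec2::/32"),
]

def literal_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            # inet_aton also accepts legacy IPv4 spellings (single integer,
            # hex, short dotted forms), so normalise them before matching.
            ip = ipaddress.ip_address(socket.inet_aton(host))
        except (OSError, ValueError):
            return None
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so the IPv4 rule applies.
    return getattr(ip, "ipv4_mapped", None) or ip

def is_metadata_destination(url):
    """True if the URL must be refused by the forwarding layer."""
    host = urlsplit(url).hostname
    if not host:
        return True  # fail closed when no host can be parsed
    ip = literal_ip(host)
    if ip is None:
        # A DNS name: this check alone is not enough. The resolved
        # address must be checked again at connect time.
        return False
    return any(ip in net for net in BLOCKED_NETS)

# Constructed sample targets, as a forwarding layer might receive them.
SAMPLES = [
    "http://169.254.169.254/latest/meta-data/",
    "http://2852039166/",
    "http://[::ffff:169.254.169.254]/",
    "https://example.com/",
    "http://10.0.0.5/",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(target, "BLOCK" if is_metadata_destination(target) else "allow")
```

On AWS, requiring IMDSv2 session tokens on the instance and scoping the instance role to the minimum S3 access are complementary controls on the instance side.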

