Re: Security is an afterthought at AWS
Ok, a few facts:
* When you create an S3 bucket, the default is NO public access.
* When you create a VPC, the default is NO internet access
* When you create an EC2 instance, its default security group allows NO inbound access from the internet
* When you create an IAM user or role, by default there are NO permissions defined - hence a default deny
Of course, people can explicitly change these defaults (just like an on-premises firewall can be changed to allow internet connectivity), but that’s the customer. There are an increasing number of tools that also encourage users to think before enabling public access to these things.
You can define IAM policies for users that prevent them making these changes; you can configure services to monitor and react to unwanted changes; you can audit exactly who/when/what was changed.
Finally, AWS never forces a product sale; by its nature, pretty much everything is self service and PAYG; if you don’t like it, stop paying. Makes a nice change from multi-year contracts with penalties for early termination!
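As an added example (not part of the original post or of any AWS tooling), here is the kind of "monitor and react" check the post alludes to, covering two of the defaults listed above: an EC2 security group whose inbound rules have been opened to the whole internet, and an S3 bucket whose public access block has been switched off or never set. The input is constructed inline to mirror the shape of the EC2 DescribeSecurityGroups and S3 GetPublicAccessBlock responses so the script runs offline; the group IDs, bucket names and rules are made up. Against a real account you would feed it the boto3 responses instead.

```python
"""Drift check for two of the AWS defaults discussed in the post:
inbound security-group rules reachable from the internet, and S3 buckets
whose public access block is weakened.  Added example with constructed
input; not the post's own code or an AWS-provided tool."""

import ipaddress

# Constructed sample shaped like EC2 DescribeSecurityGroups output.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0aaa",
        "GroupName": "default",
        "IpPermissions": [
            # Only traffic from the group itself: the launch-time default.
            {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}],
             "IpRanges": [], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0bbb",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

# Constructed sample: bucket name -> PublicAccessBlockConfiguration.  None
# stands for a bucket with no configuration at all (the API reports
# NoSuchPublicAccessBlockConfiguration for those).
SAMPLE_BUCKETS = {
    "locked-down-logs": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                         "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
    "marketing-site": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                       "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "legacy-dump": None,
}

PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def is_internet_cidr(cidr):
    """True for a CIDR that covers every address: 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def open_ingress(groups):
    """Return (group_id, protocol, (from_port, to_port), cidr) for every
    inbound rule whose source is the whole internet.  Protocol "-1" is
    'all traffic' and carries no port range."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if is_internet_cidr(cidr):
                    proto = perm.get("IpProtocol", "-1")
                    ports = ("all", "all") if proto == "-1" else (
                        perm.get("FromPort"), perm.get("ToPort"))
                    findings.append((sg["GroupId"], proto, ports, cidr))
    return findings


def weakened_public_access_block(buckets):
    """Return bucket -> list of public-access-block settings that are not
    True.  A missing configuration counts as all four settings being off."""
    findings = {}
    for name, cfg in buckets.items():
        off = [k for k in PAB_KEYS if not (cfg or {}).get(k, False)]
        if off:
            findings[name] = off
    return findings


if __name__ == "__main__":
    for finding in open_ingress(SAMPLE_SECURITY_GROUPS):
        print("inbound open to the internet:", finding)
    for bucket, off in weakened_public_access_block(SAMPLE_BUCKETS).items():
        print("public access block weakened:", bucket, off)
```

The check deliberately treats a rule scoped to a specific CIDR (the SSH rule from 203.0.113.0/24) as acceptable and only flags prefix-length-zero sources, which is the narrow question of "did someone undo the no-inbound-from-internet default"; a stricter policy would also flag management ports regardless of source. The same two functions would be wired to a scheduled job or a CloudTrail-triggered event in practice.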