
    7 cloud security issues and AWS security best practices

    AWS continues to evolve its security offerings, addressing emerging threats and improving cloud security. Here are some of the recent advancements.

    Cloud security in Amazon Web Services (AWS) has evolved significantly in recent years. Stronger defaults, expanded native tooling, and more automation have made it easier to secure cloud environments at scale. Still, most serious security incidents today are not caused by platform weaknesses, but by configuration mistakes.

    AWS continues to invest heavily in security across identity, storage, data protection, and network controls. Centralized identity management, tighter S3 access controls, AI-assisted data discovery, and native network firewalls are now standard components of modern AWS environments.

    Yet many organizations continue to run into security issues during setup and day-to-day operations. Overly broad permissions, disabled logging, misconfigured storage, or permissive network rules can quietly introduce risk, even for experienced cloud teams.

    This article looks at seven common AWS security issues that still appear frequently in real-world environments, and explains how to address them using established AWS security best practices. The aim is to help teams reduce avoidable risk early, before small misconfigurations turn into serious incidents.

    Main AWS security concerns

    Top 7 AWS security best practices

    Security gaps at the cloud infrastructure level can affect applications, data stores, internal systems, and external services alike. Below are seven of the most common AWS security problems, and how to mitigate them.

    1. Insufficient permissions and encryption

    Within AWS, data can be stored and retrieved using the Simple Storage Service (S3); the storage containers are known as S3 buckets. Users can create a bucket in a specific region of their choice (anywhere in the world) and upload data quickly and cheaply.

    However, the problem is that it is too easy to make what should be a private bucket public. This means that anyone with an AWS account, and even anonymous users, can access it one way or another. In 2018, Symantec found that 70 million buckets were accessible or had data stolen or leaked due to poor configuration.

    Solution 

    Make sure, at the configuration stage, that an S3 bucket is private, or that permissions have been granted correctly to specific users or groups, especially if you are storing anything sensitive within the bucket. Implement AWS IAM Identity Center for centralised access management and use Amazon Macie for automatic sensitive data discovery and protection.

    2. Accidentally making Amazon Machine Images (AMIs) public

    An Amazon Machine Image (AMI) contains everything needed to launch an Amazon Elastic Compute Cloud (EC2) instance: the operating system, server software and applications, in other words everything required to replicate a configuration a company is already running in the cloud.

    Accidentally making an AMI public leaves your company highly exposed to security threats, and it is unfortunately easy to do by mistake. A public AMI can be launched by anyone with an AWS account and is listed in the public AMI catalog, which could mean that sensitive data contained in the image ends up in the public domain.

    Solution 

    Making sure at the configuration stage that an AMI is set to private is the most effective way to avoid what could be a very expensive, embarrassing and time-consuming mistake.

    3. Identity and Access Management (IAM) granting too much control or access indirectly

    With Identity and Access Management (IAM), users can grant, control and revoke access to AWS accounts and services. However, in one of the most common Amazon cloud issues, access is set incorrectly, potentially giving the wrong users too much control, or access to sensitive data they should not have.

    Solution 

    This is an AWS cloud security best practice that should be monitored closely and reviewed by a trusted development and security partner, to ensure the right users have the correct permissions and that security policies are maintained across the enterprise. Use AWS IAM Access Analyzer to identify unintended resource access, and use AWS Organizations with Service Control Policies (SCPs) for granular permission management.

    4. CloudTrail logging is disabled or not enabled

    AWS CloudTrail tracks and records every API call made against your account. It writes the log records to the S3 bucket you designate. Unfortunately, this is a service that too many users either disable or fail to enable, which means you never know where API requests are coming from. As AWS cloud security issues go, this is a serious one: you could be under a DDoS attack without realising it, and without knowing where the attack is coming from.

    Solution 

    Enable AWS CloudTrail Lake for long-term, immutable log storage and implement AWS Security Hub for centralized security alerts and compliance checks.
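    CloudTrail is only useful if someone reads it. The detector below is an added example (not code from the article or AWS) that runs over a CloudTrail log file and surfaces the events behind the other issues in this article: calls that make a bucket or AMI public and calls that turn logging off, along with the identity and source IP that made them. The records are constructed for illustration; the field names follow the documented CloudTrail event format.

```python
import json

# Constructed CloudTrail-style records (not real logs). Fields used below
# (eventSource, eventName, sourceIPAddress, userIdentity.arn) are part of
# the standard CloudTrail record schema.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketAcl", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "example-bucket"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"name": "main-trail"}},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.0.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/app"}},
]})

# Calls that switch off or weaken the audit trail (issues 4 and 5).
LOGGING_TAMPERING = {
    ("cloudtrail.amazonaws.com", "StopLogging"),
    ("cloudtrail.amazonaws.com", "DeleteTrail"),
    ("cloudtrail.amazonaws.com", "UpdateTrail"),
    ("s3.amazonaws.com", "PutBucketLogging"),
}
# Calls that can expose a bucket, an AMI or a subnet (issues 1, 2 and 7).
EXPOSURE_CHANGES = {
    ("s3.amazonaws.com", "PutBucketAcl"),
    ("s3.amazonaws.com", "PutBucketPolicy"),
    ("ec2.amazonaws.com", "ModifyImageAttribute"),
    ("ec2.amazonaws.com", "CreateNetworkAclEntry"),
    ("ec2.amazonaws.com", "ReplaceNetworkAclEntry"),
}


def detect(log_json):
    """Return (category, eventName, actor_arn, source_ip) for events of interest."""
    findings = []
    for rec in json.loads(log_json).get("Records", []):
        key = (rec.get("eventSource"), rec.get("eventName"))
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        src = rec.get("sourceIPAddress", "unknown")
        if key in LOGGING_TAMPERING:
            findings.append(("logging-tampering", key[1], actor, src))
        elif key in EXPOSURE_CHANGES:
            findings.append(("exposure-change", key[1], actor, src))
    return findings
```

    In production the same rules are better expressed as Amazon EventBridge rules or Security Hub findings, but this shows what the raw records contain and why a disabled trail leaves you blind to exactly these changes.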

    5. S3 bucket logging is disabled or not enabled

    Similar to the previous AWS security problem: if S3 bucket logs are not enabled, or have been disabled, then you have a potentially serious security weakness within your AWS account(s).

    Solution 

    Use S3 Intelligent-Tiering for cost-effective, automatic data lifecycle management and regularly run S3 Storage Lens for data protection insights.

    6. Not enough IP addresses are enabled within a Virtual Private Cloud (VPC)

    Within Virtual Private Cloud (VPC) infrastructures, such as VPNs, administrators need to allocate enough IP addresses to ensure that everyone who needs access to the VPN or VPC can get it. Having too many addresses open and allocated could be a weakness in itself, but not enabling enough might mean that those who need the additional security cannot get into the VPN.

    Solution 

    As this is a customisable solution, IT and cloud admins need to ensure that any VPC or VPN environment is configured according to who needs access, with the relevant permissions and security monitoring in place, so that the VPN, and anything contained in or transmitted through it, is not exposed publicly. Implement AWS Network Firewall for centralised network protection and use AWS PrivateLink for secure, private service access.
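    Sizing address space is easy to get wrong because AWS reserves five addresses in every subnet (the first four and the last), so a /28 only yields 11 usable addresses. The planner below is an added example (not code from the article or AWS) that checks a constructed subnet plan against the VPC CIDR, overlaps between subnets, and the number of hosts each subnet must serve.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def usable_hosts(subnet_cidr):
    """Number of addresses AWS actually lets you assign in one subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError("AWS subnets must be between /16 and /28")
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, subnets, required_hosts):
    """Check a subnet plan; returns a list of problems (empty means sound).

    subnets: list of (name, cidr); required_hosts: dict name -> hosts needed.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems, seen = [], []
    for name, cidr in subnets:
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside VPC {vpc_cidr}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {cidr} overlaps {other_name}")
        seen.append((name, net))
        need, have = required_hosts.get(name, 0), usable_hosts(cidr)
        if have < need:
            problems.append(f"{name}: {cidr} offers {have} usable addresses, needs {need}")
    return problems


# Constructed example plan: private-a is too small and private-b overlaps it.
EXAMPLE_VPC = "10.0.0.0/16"
EXAMPLE_SUBNETS = [("public-a", "10.0.0.0/24"),
                   ("private-a", "10.0.1.0/28"),
                   ("private-b", "10.0.1.0/24")]
EXAMPLE_NEEDS = {"public-a": 50, "private-a": 20, "private-b": 200}
```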

    7. Network Access Control List (NACL) allowing too much inbound traffic

    A Network Access Control List (NACL) is another optional layer of AWS security that controls traffic in and out of a subnet within a network, such as a VPC or VPN. Another worrying AWS security concern is that if access is configured the wrong way you could give anyone access (especially if NACL rule #100 is accidentally set to allow all inbound traffic), thereby creating a major security issue.

    Solution 

    Make sure the NACL is configured correctly, and always monitor access and traffic.
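    NACL rules are evaluated in ascending rule-number order and the first match wins, which is why a permissive rule 100 silently overrides every carefully written rule after it. The evaluator below is an added example (not code from the article or AWS) that applies those semantics to a constructed inbound rule set, shows what rule 100 lets through, and identifies the overly permissive rule so it can be removed.

```python
import ipaddress

# Constructed inbound NACL (not from the article). Rule 100 is the accidental
# allow-everything rule; 110 and 120 are the rules the admin actually wanted.
# Protocol uses the NACL convention: "-1" = all, "6" = TCP, "17" = UDP.
INBOUND_RULES = [
    {"rule": 100, "protocol": "-1", "cidr": "0.0.0.0/0", "ports": (0, 65535), "action": "allow"},
    {"rule": 110, "protocol": "6", "cidr": "0.0.0.0/0", "ports": (443, 443), "action": "allow"},
    {"rule": 120, "protocol": "6", "cidr": "10.0.0.0/8", "ports": (22, 22), "action": "allow"},
    # the implicit "*" rule (32767) denies everything else and is not listed
]


def evaluate(rules, src_ip, protocol, port):
    """Return (action, rule_number) the NACL applies to one inbound packet.

    NACLs are stateless and evaluated in ascending rule-number order; the
    first matching rule wins and the implicit "*" rule denies everything else.
    """
    src = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda x: x["rule"]):
        if r["protocol"] not in ("-1", protocol):
            continue
        if src not in ipaddress.ip_network(r["cidr"]):
            continue
        lo, hi = r["ports"]
        if r["protocol"] != "-1" and not lo <= port <= hi:
            continue  # an all-protocols rule ignores the port range
        return r["action"], r["rule"]
    return "deny", "*"


def find_overly_permissive(rules):
    """Rule numbers that allow every protocol and port from the whole internet."""
    return [r["rule"] for r in rules
            if r["action"] == "allow" and r["protocol"] == "-1"
            and r["cidr"] == "0.0.0.0/0"]


def without_rule(rules, number):
    """The rule set with one rule removed, e.g. after deleting rule 100."""
    return [r for r in rules if r["rule"] != number]
```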

    AWS has created one of the most secure, flexible and configurable sets of cloud-based storage solutions in the world. But at the same time there are many security concerns when it comes to AWS, and most of them come down to the way users configure accounts, access, network permissions and numerous other settings.

    Emerging AWS security considerations

    As cloud environments grow more complex, staying ahead of security trends is critical. Here are key considerations for 2026:

    • Container Security: Use Amazon ECR image scanning and follow Amazon EKS security best practices.
    • Serverless Security: For Lambda functions, use AWS Lambda function URLs with IAM authorisation.
    • AI/ML Security: Implement Amazon SageMaker security best practices and ensure responsible use of AWS AI services.
    • Zero Trust: Adopt AWS Zero Trust architecture principles across your entire AWS environment.

    By addressing these considerations and applying best practices, businesses can maintain robust security in a rapidly evolving cloud landscape.


    Take the first step towards a secure AWS infrastructure

    AWS provides secure, flexible, and configurable cloud solutions, but misconfigurations can lead to significant vulnerabilities. With Nortal, you gain a trusted partner to optimize and secure your AWS environment. Whether you need to fortify your existing systems or prevent future breaches, our dedicated experts are here to help. 