I built a scanner that found 41 live AWS keys in 900 Terraform state files(vechron.com)
vechron.com
I built a scanner that found 41 live AWS keys in 900 Terraform state files
https://vechron.com/2026/05/i-found-900-s3-buckets-exposing-terraform-state-files-41-had-live-aws-credentials/
You can't really DDoS S3 on a $20 node.
> AWS does not tell you when your bucket is being scanned.
I wonder if that even makes sense; the "scanning" is just a single request to a public bucket, and they can't infer that the bucket isn't supposed to be public. In theory AWS could flag the IP that's sending requests to thousands of buckets.