AWS Classroom Series – 21/Mar/2020

Storage Encryption

  • S3 Buckets:
    • Encryption during transit:
      • When data is uploaded to or downloaded from S3, it is encrypted by default. This is done using HTTPS
    • Encryption at rest:
      • Client Side Encryption:
        • You upload encrypted files to the S3 bucket
        • When you want to use a file, you have to download and decrypt it
      • Server Side
        • You send the file => the file is encrypted during transit (HTTPS) => while storing it in AWS S3, you use Server Side Encryption
      • Amazon has a service called Key Management Service (KMS)
  • EBS Volumes
    • Encryption: While creating the volume, select your KMS key
  • EFS:
    • Encryption: While creating the volume, select your KMS key

AWS Backup Services

  • One stop solution for scheduling backups is AWS Backup

S3 Bucket Policy

  • In AWS S3, access within buckets can be controlled by creating an S3 bucket policy.
  • An S3 bucket policy is also a JSON file with the following grammar (refer here)
  • Read-only policy example for a particular user, John
{
    "Version": "2012-10-17",
    "Id": "TestingPolicy",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::Account-ID:user/John"
            },
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::<bucketname>/*",
                "arn:aws:s3:::<bucketname>"
            ]
        }
    ]
}
  • Full access policy example for a particular user, rama
{
    "Version": "2012-10-17",
    "Id": "TestingPolicy",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::Account-ID:user/rama"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::<bucketname>/*",
                "arn:aws:s3:::<bucketname>"
            ]
        }
    ]
}
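
An added example, not part of the original class notes: a small Python check that reads bucket policies like the two above and reports Allow statements with wildcard actions or principals, and whether the policy has a Deny on `aws:SecureTransport` = false, the condition key a bucket policy uses to refuse non-HTTPS requests. The account ID `111122223333`, the bucket name `example-bucket` and the function names are constructed placeholders.

```python
import json

# Constructed sample: the full-access policy above, with placeholder IDs.
FULL_ACCESS = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/rama"},
    "Action": "*",
    "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]
  }]
}""")

# Constructed sample: the read-only grant plus a Deny for non-HTTPS requests.
READ_ONLY_TLS = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/John"},
     "Action": ["s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}""")

def as_list(value):
    # Policy fields may hold a single value or a list; normalise to a list.
    return value if isinstance(value, list) else [value]

def denies_plain_http(stmt):
    """True if the statement is a Deny conditioned on aws:SecureTransport = false."""
    cond = stmt.get("Condition", {}).get("Bool", {})
    return stmt.get("Effect") == "Deny" and str(cond.get("aws:SecureTransport")).lower() == "false"

def audit_bucket_policy(policy):
    """Return a list of findings for one bucket policy document (a dict)."""
    findings, statements = [], as_list(policy.get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if any(a in ("*", "s3:*") for a in as_list(stmt.get("Action", []))):
            findings.append(f"statement {i}: Allow with wildcard action")
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))):
            findings.append(f"statement {i}: Allow to any principal")
    if not any(denies_plain_http(s) for s in statements):
        findings.append("no Deny statement for aws:SecureTransport = false")
    return findings
```

The check only looks for the presence of the Deny statement; it does not verify that the statement covers every resource in the bucket.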

AWS Storage Gateway

  • Storage Gateway is a virtual appliance which is installed on-premises on any hypervisor
  • The Storage Gateway service allows you to securely store data in AWS
  • Refer here for the official docs

Glacier

  • Glacier is an extremely low-cost storage service for long-term storage
  • Data in Glacier is generally not accessed.
  • Use case:
    • Your project's yearly backups can be stored in Glacier
  • Vault: Container for storing archives
  • Using AWS S3 Glacier from AWS CLI
  • To use AWS Glacier from the CLI, refer here
  • Refer here; consider the Topics section with 6 steps
