AWS Classroom Series – 21/Mar/2020

Storage Encryption

  • S3 Buckets:
    • Encryption during transit:
      • When data is uploaded to or downloaded from S3, it is encrypted by default. This is done using HTTPS
    • Encryption at rest:
      • Client Side Encryption:
        • You upload encrypted files to the S3 bucket
        • When you want to use a file, you have to download and decrypt it
      • Server Side
        • You send the file => the file is encrypted during transit (HTTPS) => while storing it in AWS S3, you use Server Side Encryption
      • Amazon has a service called Key Management Service (KMS)
  • EBS Volumes
    • Encryption: While creating the volume, select your KMS key
  • EFS:
    • Encryption: While creating the volume, select your KMS key

AWS Backup Services

  • AWS Backup is a one-stop solution for scheduling backups

S3 Bucket Policy

  • In AWS S3, access within buckets can be controlled by creating an S3 Bucket Policy.
  • An S3 Bucket Policy is also a JSON file with the following grammar; Refer Here
  • Read-only policy example for a particular user, John
{
    "Version": "2012-10-17",
    "Id": "TestingPolicy",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::Account-ID:user/John"
            },
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::<bucketname>/*",
                "arn:aws:s3:::<bucketname>"
            ]
        }
    ]
}
  • Full access policy example for a particular user, rama
{
    "Version": "2012-10-17",
    "Id": "TestingPolicy",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::Account-ID:user/rama"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::<bucketname>/*",
                "arn:aws:s3:::<bucketname>"
            ]
        }
    ]
}
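
Added example (not part of the original class notes): a small offline check that shows what the two policies above actually permit and flags the wildcard action in the full access one. The account ID, bucket name and function names are constructed for illustration, and the evaluation is simplified (Allow statements only; no Deny, Condition or IAM identity policies).

```python
from fnmatch import fnmatchcase

# Constructed sample values: the page leaves Account-ID and <bucketname> as placeholders.
ACCOUNT, BUCKET = "111122223333", "example-bucket"

def page_policy(user, actions):
    """Build a policy with the same shape as the two shown on this page."""
    return {"Version": "2012-10-17", "Id": "TestingPolicy", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:user/{user}"},
        "Action": actions,
        "Resource": [f"arn:aws:s3:::{BUCKET}/*", f"arn:aws:s3:::{BUCKET}"],
    }]}

READ_ONLY = page_policy("John", ["s3:Get*", "s3:List*"])
FULL_ACCESS = page_policy("rama", "*")

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def principal_matches(principal, arn):
    if principal == "*":
        return True
    aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
    return "*" in aws or arn in aws

def allows(policy, principal_arn, action, resource):
    """True if any Allow statement matches principal, action and resource."""
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if not principal_matches(st.get("Principal"), principal_arn):
            continue
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        act_ok = any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
        res_ok = any(fnmatchcase(resource, r) for r in as_list(st["Resource"]))
        if act_ok and res_ok:
            return True
    return False

def findings(policy):
    """Flag Allow statements that use a wildcard action or a wildcard principal."""
    out = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        if any(a in ("*", "s3:*") for a in as_list(st.get("Action", []))):
            out.append(f"statement {i}: Allow with wildcard action")
        if principal_matches(st.get("Principal"), "arn:aws:iam::000000000000:user/anyone"):
            out.append(f"statement {i}: Allow to any principal")
    return out
```

With these sample values, John can read and list but not write, while rama's "Action": "*" also covers bucket-level operations such as s3:DeleteBucket and s3:PutBucketPolicy, which is why findings() reports it.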

AWS Storage Gateway

  • Storage Gateway is a virtual appliance which is installed on-premises on any hypervisor
  • Storage Gateway service allows you to securely store data in AWS
  • Refer Here for official docs

Glacier

  • Glacier is an extremely low-cost storage service for long-term storage
  • Data in Glacier is generally not accessed.
  • Use case:
    • Your project's yearly backups can be stored in Glacier
  • Vault: Container for storing archives
  • Using AWS S3 Glacier from AWS CLI
  • To use AWS Glacier from the CLI, Refer Here
  • Refer Here; consider the Topics section with 6 steps


About learningthoughtsadmin