Storage Encryption
- S3 Buckets:
  - Encryption during transit:
    - When data is transferred (upload/download) to or from S3, it is encrypted by default. This is done using HTTPS.
  - Encryption at rest:
    - Client Side Encryption:
      - You upload encrypted files to the S3 bucket
      - When you want to use a file, you have to download and decrypt it
    - Server Side Encryption:
      - You send the file => the file is encrypted during transit (HTTPS) => while storing it in AWS S3, you use Server Side Encryption
      - Amazon has a service called Key Management Service (KMS)
- EBS Volumes:
  - Encryption: While creating the volume, select your KMS key
- EFS:
  - Encryption: While creating the volume, select your KMS key
AWS Backup Services
- One stop solution for scheduling backups is AWS Backup
S3 Bucket Policy
- In AWS S3, access within buckets can be controlled by creating an S3 Bucket Policy.
- An S3 Bucket Policy is also a JSON file with the following grammar (refer here)
- Read-only policy example for a particular user John
{
  "Version": "2012-10-17",
  "Id": "TestingPolicy",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::Account-ID:user/John"
      },
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::<bucketname>/*",
        "arn:aws:s3:::<bucketname>"
      ]
    }
  ]
}
- Full access policy example for a particular user rama
{
  "Version": "2012-10-17",
  "Id": "TestingPolicy",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::Account-ID:user/rama"
      },
      "Action": "*",
      "Resource": [
        "arn:aws:s3:::<bucketname>/*",
        "arn:aws:s3:::<bucketname>"
      ]
    }
  ]
}
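A small offline check for the two policies above, added here as an example and not part of the original notes: it flags wildcard actions, wildcard principals, and the absence of a Deny statement on the AWS condition key `aws:SecureTransport`, which is how a bucket policy refuses non-HTTPS requests. The function names, finding labels and the `TLS_DENY` statement are assumptions made for illustration; the sample policies are constructed from the ones above with their placeholders kept.

```python
import json

def as_list(value):
    """Policy fields accept either a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_json):
    """Return sorted finding labels for an S3 bucket policy document."""
    findings, enforces_tls = set(), False
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        actions = [str(a).lower() for a in as_list(stmt.get("Action", []))]
        principal = stmt.get("Principal")
        if stmt.get("Effect") == "Allow":
            # "*" or "s3:*" matches every S3 action on the listed resources,
            # including s3:PutBucketPolicy and s3:DeleteBucket.
            if any(a in ("*", "s3:*") for a in actions):
                findings.add("wildcard-action")
            aws = principal.get("AWS") if isinstance(principal, dict) else principal
            if "*" in as_list(aws):
                findings.add("public-principal")
        elif stmt.get("Effect") == "Deny":
            # A Deny where aws:SecureTransport is "false" rejects plain-HTTP requests.
            flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
            if any(str(v).lower() == "false" for v in as_list(flag)):
                enforces_tls = True
    if not enforces_tls:
        findings.add("no-tls-enforcement")
    return sorted(findings)

RESOURCES = ["arn:aws:s3:::<bucketname>/*", "arn:aws:s3:::<bucketname>"]

def build_policy(principal, action, extra=()):
    """Constructed sample input shaped like the page's policies (placeholders kept)."""
    allow = {"Effect": "Allow", "Principal": {"AWS": principal},
             "Action": action, "Resource": RESOURCES}
    return json.dumps({"Version": "2012-10-17", "Statement": [allow, *extra]})

# Constructed Deny statement that refuses any request not sent over HTTPS.
TLS_DENY = {"Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": RESOURCES,
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}

READ_ONLY = build_policy("arn:aws:iam::Account-ID:user/John", ["s3:Get*", "s3:List*"])
FULL_ACCESS = build_policy("arn:aws:iam::Account-ID:user/rama", "*")
HARDENED = build_policy("arn:aws:iam::Account-ID:user/John", ["s3:Get*", "s3:List*"],
                        extra=[TLS_DENY])

if __name__ == "__main__":
    for name, doc in [("read-only", READ_ONLY), ("full-access", FULL_ACCESS),
                      ("hardened", HARDENED)]:
        print(name, audit_bucket_policy(doc))
```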
AWS Storage Gateway
- Storage Gateway is a virtual appliance which is installed on-premises on any hypervisor
- Storage Gateway service allows you to securely store data in AWS

- Refer Here for official docs
Glacier
- Glacier is an extremely low-cost storage service for long-term storage
- Data in Glacier is generally not accessed.
- Use case:
  - Your project's yearly backups can be stored in Glacier
- Vault: Container for storing archives
- Using AWS S3 Glacier from AWS CLI
  - To use AWS Glacier from the CLI, refer here
  - Refer here; consider the Topics section with 6 steps