AWS Classroom Series – 02/Dec/2021

AWS S3 Contd

  • Encryption in AWS S3:

    • There are two main ways of securing the data:
      • encryption of data in transit
      • encryption of data at rest
    • Uploads to S3 use HTTPS (SSL/TLS-encrypted endpoints), so data is automatically protected in transit for both uploads and downloads
    • To secure data at rest, S3 offers Server-Side Encryption (SSE) in three forms:
      • SSE with Amazon S3-managed keys (SSE-S3):
        • S3 encrypts your data at rest and manages the encryption keys for you
        • Each object is encrypted with a per-object key; the per-object key is in turn encrypted with a master key, and the master key is managed by S3's own key management
        • The master key is rotated monthly
        • You can turn on this option from the S3 Console or using the CLI
        • Enabling it on an existing bucket starts encryption for new objects only; objects already in the bucket stay as they were uploaded
      • SSE with customer-provided keys (SSE-C):
        • S3 encrypts your data at rest using the encryption key that you supply
        • To use this, include your encryption key in the upload request; S3 encrypts the object with that key and discards the key. To retrieve the encrypted object, supply the same key again and S3 decrypts the object as part of the retrieval
        • This approach is available only through the CLI or the S3 SDK APIs (not from the console)
      • SSE with AWS Key Management Service (SSE-KMS):
        • S3 encrypts the data at rest using keys you manage in AWS KMS
        • With AWS KMS there are separate permissions for the use of the master key, providing an additional layer of control
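The three SSE modes above differ only in what the request has to carry. The following added example (not code from the class notes) builds, offline, the request headers for SSE-S3, SSE-KMS and SSE-C and the bucket default-encryption rule that the CLI's put-bucket-encryption call accepts. The KMS key alias and the SSE-C key bytes are constructed placeholders, not real values.

```python
"""Build the S3 request parameters for each server-side encryption mode.

Added example (not from the class notes). Header and configuration
names are the ones the S3 REST API uses; key values are constructed.
"""
import base64
import hashlib
from typing import Optional

AES256 = "AES256"   # SSE-S3 and SSE-C both use AES-256
KMS = "aws:kms"     # SSE-KMS


def sse_s3_headers() -> dict:
    # SSE-S3: S3 manages both the per-object key and the master key,
    # so a single header on PutObject is all the caller sends.
    return {"x-amz-server-side-encryption": AES256}


def sse_kms_headers(kms_key_id: Optional[str] = None) -> dict:
    # SSE-KMS: the master key lives in AWS KMS. Reading the object later
    # needs kms:Decrypt on that key in addition to s3:GetObject, which is
    # the "separate permissions" layer the notes mention.
    headers = {"x-amz-server-side-encryption": KMS}
    if kms_key_id:
        headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
    return headers


def sse_c_headers(key: bytes) -> dict:
    # SSE-C: the caller supplies a 256-bit key on every PUT and GET.
    # S3 uses the key and discards it; the MD5 header lets S3 reject a
    # key that was corrupted in transit before it encrypts with it.
    if len(key) != 32:
        raise ValueError("SSE-C requires a 32-byte (256-bit) key")
    return {
        "x-amz-server-side-encryption-customer-algorithm": AES256,
        "x-amz-server-side-encryption-customer-key":
            base64.b64encode(key).decode(),
        "x-amz-server-side-encryption-customer-key-MD5":
            base64.b64encode(hashlib.md5(key).digest()).decode(),
    }


def verify_sse_c_headers(headers: dict) -> bool:
    # The integrity check S3 performs on the SSE-C headers it receives.
    key = base64.b64decode(headers["x-amz-server-side-encryption-customer-key"])
    sent_md5 = base64.b64decode(headers["x-amz-server-side-encryption-customer-key-MD5"])
    return len(key) == 32 and hashlib.md5(key).digest() == sent_md5


def default_encryption_config(mode: str, kms_key_id: Optional[str] = None) -> dict:
    """Bucket default-encryption rule, in the shape accepted by
    `aws s3api put-bucket-encryption --server-side-encryption-configuration`.
    It applies to objects uploaded after it is set, not to existing ones."""
    if mode == AES256:
        default = {"SSEAlgorithm": AES256}
    elif mode == KMS:
        default = {"SSEAlgorithm": KMS}
        if kms_key_id:
            default["KMSMasterKeyID"] = kms_key_id
    else:
        # SSE-C cannot be a bucket default: S3 never holds the customer key.
        raise ValueError("bucket default encryption supports SSE-S3 or SSE-KMS only")
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": default}]}


if __name__ == "__main__":
    # Constructed demo key; a real SSE-C key comes from a CSPRNG (os.urandom).
    demo_key = hashlib.sha256(b"demo-only-do-not-use").digest()
    print("SSE-S3 :", sse_s3_headers())
    print("SSE-KMS:", sse_kms_headers("alias/PLACEHOLDER-KEY"))
    print("SSE-C  :", sse_c_headers(demo_key))
    print("default:", default_encryption_config(KMS, "alias/PLACEHOLDER-KEY"))
```

A practical consequence visible in `default_encryption_config`: only SSE-S3 and SSE-KMS can be made the bucket default, because SSE-C depends on a key the caller presents per request.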
  • Activity:

    • Create an S3 bucket and upload
      • two videos
      • two mp3 files
      • two images
      • two text files
    • Hint: while creating the bucket, unselect the Block all public access option.
    • After uploading the objects, trying to access them returns an Access Denied error
    • By default all uploads are private; check any object's permissions to confirm this
    • Making an object public from its ACL is disabled, so next look at the bucket properties
    • At this point we are not able to make the object available for public access
    • Uploading the same or a different object into another folder shows that access cannot be changed during upload either
    • Finally, create a new S3 bucket and upload the mp3 file there
  • In AWS S3 we have two approaches to make the objects available

    • using ACL (Access Control lists)
    • Using Access Points
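The Access Denied results in the activity above follow from two settings: uploads are private by default, and the bucket's Block Public Access switches decide whether a public ACL or a public bucket policy can ever take effect. The following added example (not code from the class notes) is a simplified offline model of those rules; the bucket name, object keys and the `Bucket`/`PublicAccessBlock` classes are constructed for illustration, and the error strings mirror the S3 error codes only in spirit, not as an exact reproduction.

```python
"""Simplified model of S3 object visibility under Block Public Access.

Added example (not from the class notes). It shows why a freshly
uploaded object is private, why a public ACL is refused while
BlockPublicAcls is on, and what changes when the switches are cleared.
"""
from dataclasses import dataclass, field

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"


@dataclass
class PublicAccessBlock:
    # The four switches behind the console's "Block all public access".
    block_public_acls: bool = True       # reject PUTs that carry a public ACL
    ignore_public_acls: bool = True      # ignore public ACLs that already exist
    block_public_policy: bool = True     # reject bucket policies granting public access
    restrict_public_buckets: bool = True # ignore an existing public bucket policy


@dataclass
class Bucket:
    name: str
    pab: PublicAccessBlock = field(default_factory=PublicAccessBlock)
    # With Object Ownership set to "bucket owner enforced", ACLs are disabled
    # entirely and the console's "make public via ACL" action is greyed out.
    acls_enabled: bool = True
    public_policy: bool = False
    objects: dict = field(default_factory=dict)  # key -> set of ACL grantees


def put_object(bucket: Bucket, key: str, acl: str = "private") -> set:
    """Simulate PutObject with a canned ACL; raises PermissionError where
    S3 would answer 403 AccessDenied. Default ACL is private, as in S3."""
    grantees = set()
    if acl == "public-read":
        if not bucket.acls_enabled:
            raise PermissionError("AccessControlListNotSupported: bucket does not allow ACLs")
        if bucket.pab.block_public_acls:
            raise PermissionError("AccessDenied: BlockPublicAcls rejects a public ACL")
        grantees.add(ALL_USERS)
    bucket.objects[key] = grantees
    return grantees


def put_public_bucket_policy(bucket: Bucket) -> None:
    """Simulate attaching a bucket policy that grants s3:GetObject to '*'."""
    if bucket.pab.block_public_policy:
        raise PermissionError("AccessDenied: BlockPublicPolicy rejects a public policy")
    bucket.public_policy = True


def anonymous_can_read(bucket: Bucket, key: str):
    """Would an unauthenticated GET succeed? Returns (bool, reason)."""
    if key not in bucket.objects:
        return False, "NoSuchKey"
    acl_public = ALL_USERS in bucket.objects[key]
    if acl_public and bucket.acls_enabled and not bucket.pab.ignore_public_acls:
        return True, "public-read ACL"
    if bucket.public_policy and not bucket.pab.restrict_public_buckets:
        return True, "public bucket policy"
    return False, "AccessDenied: object is private"


if __name__ == "__main__":
    # Constructed scenario mirroring the activity: defaults first.
    b = Bucket("class-demo-bucket-PLACEHOLDER")
    put_object(b, "song1.mp3")
    print("default upload:", anonymous_can_read(b, "song1.mp3"))
    try:
        put_object(b, "song2.mp3", acl="public-read")
    except PermissionError as e:
        print("public ACL upload:", e)
    # Now the hint from the activity: Block all public access unselected.
    b.pab = PublicAccessBlock(False, False, False, False)
    put_object(b, "song2.mp3", acl="public-read")
    print("after unblocking:", anonymous_can_read(b, "song2.mp3"))
```

Note that clearing the switches does not by itself expose anything: an object still needs an explicit public ACL or policy, which is why the default upload stays private in both runs.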
