Security in S3
- Encryption during transit:
- When users access the data in S3 buckets, the connection is already secured with HTTPS. This happens by default.
- Encryption at rest:
- We can encrypt the data in S3 buckets using keys in KMS or other areas.
- This is an extra configuration.
- Who can access the data?
- ACL (Access Control Lists)
- S3 Bucket Policy
- IAM Policy
- Scanning: Amazon Macie can scan S3 buckets for sensitive content such as passwords.
Activities
Activity 1
- Create an S3 bucket in the Mumbai region with two folders. The purpose is that anyone should be able to access it.
- music
- videos
- To make the bucket open to everyone, enable ACLs and set the permission to public read.

- Block Public access is unselected



Activity 1.1 Upload any file and do not give public access
- Upload in any folder


- By default, AWS does not give public read access to any object.


Activity 1.1 Upload any file and give public access
- Upload in any folder


- Select public-read access


ACL (Access control lists)
- Refer to the official documentation
- ACLs use XML documents to configure access. AWS S3 ACLs have preconfigured groups:
- ALL AWS USERS
- AWS AUTHENTICATED GROUP
- LOG DELIVERY GROUP
- PUBLIC READ (Anonymous)
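
To check what an ACL like the one from the public-read activity actually grants, the XML document can be parsed and its group grants listed. The following is an added example, not part of the original notes: the sample ACL and its owner ID are constructed, the group URIs are the predefined-group identifiers from the AWS S3 ACL documentation, and `find_public_grants` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

S3_NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Predefined groups that open access beyond your own account.
RISKY_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone, including anonymous requests",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account, not just yours",
}
# Constructed sample: the ACL of an object uploaded with public-read.
SAMPLE_ACL = """<AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Owner><ID>EXAMPLE-OWNER-ID</ID></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>EXAMPLE-OWNER-ID</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>"""


def find_public_grants(acl_xml):
    """Return (group_uri, permission, note) for each grant to a broad predefined group."""
    root = ET.fromstring(acl_xml)
    findings = []
    for grant in root.findall("s3:AccessControlList/s3:Grant", S3_NS):
        grantee = grant.find("s3:Grantee", S3_NS)
        if grantee is None or grantee.get(XSI_TYPE) != "Group":
            continue  # canonical-user grants (such as the owner) are not group grants
        uri = grantee.findtext("s3:URI", default="", namespaces=S3_NS).strip()
        if uri in RISKY_GROUPS:
            permission = grant.findtext("s3:Permission", default="", namespaces=S3_NS).strip()
            findings.append((uri, permission, RISKY_GROUPS[uri]))
    return findings


if __name__ == "__main__":
    for uri, permission, note in find_public_grants(SAMPLE_ACL):
        print(f"{permission} granted to {uri} ({note})")
```

The same function can be run over ACL XML retrieved from a real bucket or object to confirm that only the intended objects carry a public grant.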
