A Cloud Guru - Certified Solutions Architect Associate - S3 - Security & Encryption

Securing your buckets

• By default, all newly created buckets are PRIVATE
• You can setup access control to your buckets using;
• Bucket Policies
• Access Control Lists
• S3 buckets can be configured to create access logs which log all requests made to the S3 bucket. This can be done to another bucket.

Encryption in S3

• In Transit;
• SSL/TLS
• At Rest;
• Server Side Encryption
  • S3 Managed Keys - SSE-S3
  • AWS Key Management Service, Managed Keys - SSE-KMS
  • Server Side Encryption With Customer Provided Keys - SSE-C
• Client Side Encryption