Created
January 30, 2019 06:40
AWS-S3-Security-and-Encryption
S3 Security and Encryption Overview

Security
- By default, all newly created buckets are PRIVATE
- Access control is done with Bucket Policies (entire bucket) or Access Control Lists (specific object)
- Can log all access requests to the S3 bucket

Encryption
In Transit - sending information to and from the bucket via SSL/TLS (HTTPS)
At Rest - four types of encryption: SSE-S3, SSE-KMS, SSE-C, and Client Side Encryption
- Server Side Encryption
  - SSE-S3 - S3 Managed Keys
  - SSE-KMS - AWS Key Management Service, managed key - provides audit trails
  - SSE-C - Server Side Encryption with customer-provided keys, key is managed by the client
- Client Side Encryption
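
Added example (not part of the original gist): a bucket policy that enforces the in-transit and at-rest points above, plus a small checker that reports whether a given policy contains both Deny statements. The bucket name `example-bucket`, both sample policies and all function names are assumptions made for illustration; the checker only recognises `"Principal": "*"` and does not evaluate `Resource`.

```python
# Constructed sample data: "example-bucket" is a placeholder bucket name.
BUCKET = "arn:aws:s3:::example-bucket"

HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": BUCKET + "/*",
     "Condition": {"StringNotEquals": {
         "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}},
]}

# Weak policy: grants reads, never denies plain HTTP or unencrypted uploads.
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _denies(policy, action):
    """Yield Deny-everyone statements whose Action covers `action`."""
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if (stmt.get("Effect") == "Deny" and stmt.get("Principal") == "*"
                and actions & {"*", "s3:*", action.lower()}):
            yield stmt

def enforces_tls(policy):
    """True if all S3 actions are denied when the request is not over TLS."""
    return any(
        str(s.get("Condition", {}).get("Bool", {})
            .get("aws:SecureTransport")).lower() == "false"
        for s in _denies(policy, "s3:*"))

def enforces_sse(policy):
    """True if PutObject is denied unless SSE is AES256 (SSE-S3) or aws:kms."""
    for s in _denies(policy, "s3:PutObject"):
        cond = s.get("Condition", {}).get("StringNotEquals", {})
        allowed = set(_as_list(cond.get("s3:x-amz-server-side-encryption", [])))
        if allowed and allowed <= {"AES256", "aws:kms"}:
            return True
    return False

def audit(policy):
    return {"tls_enforced": enforces_tls(policy), "sse_enforced": enforces_sse(policy)}

if __name__ == "__main__":
    print({"hardened": audit(HARDENED), "weak": audit(WEAK)})
```

Because `StringNotEquals` also matches when the header is missing, the second statement rejects uploads that omit `x-amz-server-side-encryption`, including ones that would otherwise rely on bucket default encryption.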