New Training: Plan for S3 Confidentiality Data Security
In this 6-video skill, CBT Nuggets trainer Bart Castle teaches you about critical S3 security best practices for ensuring confidentiality. Learn how to ensure that S3 object data isn’t publicly accessible, how to secure S3 object data by using AES encryption, and how to plan for the appropriate combination of client-side encryption, server-side encryption, and key management options. Watch this new AWS training.
This training includes:
40 minutes of training
You’ll learn these topics in this skill:
S3 Client-Side Encryption
S3 Server-Side Encryption: Client Key
S3 Server-Side Encryption: S3 Keys
S3 Server-Side Encryption: KMS Keys
S3 Public Access Account Restrictions
How to Secure AWS S3 Data with Encryption At Rest
AWS S3 provides multiple tools for securing data, such as access control lists and policy restrictions. Another mechanism AWS offers is the ability to encrypt data before sending it to S3. Encrypting data before storing it in S3 is easy, too.
The AWS SDK offers encryption out of the box. Developers don't need to use other encryption methods to secure data before transporting it to S3. Instead, they can use the AWS SDK to encrypt data with either AES or RSA encryption schemes. This gives developers access to native encryption functions without the risk of relying on libraries maintained by developers they don't know.
To use AWS encryption functions, developers will need to create master keys, or private keys, stored with AWS's Key Management System. KMS is a service provided by AWS to secure and manage private API and encryption keys. It works similarly to IAM and can also be controlled through IAM policies.
For more information and examples on how to use encryption methods through the AWS SDK, visit the AWS knowledge base article titled Protecting data using client-side encryption.
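An added illustration (not code from the original page or from AWS) of what client-side encryption with a KMS master key involves: a per-object data key is requested from KMS, the data is encrypted locally with AES-GCM, and only the ciphertext and the wrapped key reach S3. Assumptions: the function names, the metadata names and the `FakeKMS`/`FakeS3` stand-ins are hypothetical and only mimic boto3 call shapes so the block runs offline, and AES-GCM comes from the `cryptography` package here, whereas the SDK's own encryption support performs these steps for you.

```python
import base64, io, os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM  # assumed installed

def put_encrypted(kms, s3, key_id, bucket, name, plaintext):
    """Encrypt locally under a fresh data key; S3 only ever receives ciphertext."""
    dk = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    nonce = os.urandom(12)
    # The object name is authenticated data, so a ciphertext copied to another
    # key name fails to decrypt.
    body = AESGCM(dk["Plaintext"]).encrypt(nonce, plaintext, name.encode())
    meta = {"wrapped-key": base64.b64encode(dk["CiphertextBlob"]).decode(),
            "nonce": base64.b64encode(nonce).decode()}  # hypothetical metadata names
    s3.put_object(Bucket=bucket, Key=name, Body=body, Metadata=meta)

def get_decrypted(kms, s3, bucket, name):
    """Unwrap the data key through KMS, then decrypt and verify the object locally."""
    obj = s3.get_object(Bucket=bucket, Key=name)
    meta = obj["Metadata"]
    wrapped = base64.b64decode(meta["wrapped-key"])
    data_key = kms.decrypt(CiphertextBlob=wrapped)["Plaintext"]
    return AESGCM(data_key).decrypt(base64.b64decode(meta["nonce"]),
                                    obj["Body"].read(), name.encode())

class FakeKMS:
    """Constructed offline stand-in for a boto3 KMS client (no real key wrapping)."""
    def __init__(self):
        self.keys = {}
    def generate_data_key(self, KeyId, KeySpec):
        plain, blob = os.urandom(32), os.urandom(48)
        self.keys[blob] = plain
        return {"Plaintext": plain, "CiphertextBlob": blob}
    def decrypt(self, CiphertextBlob):
        return {"Plaintext": self.keys[CiphertextBlob]}

class FakeS3:
    """Constructed offline stand-in for a boto3 S3 client."""
    def __init__(self):
        self.objects = {}
    def put_object(self, Bucket, Key, Body, Metadata):
        self.objects[(Bucket, Key)] = (Body, Metadata)
    def get_object(self, Bucket, Key):
        body, meta = self.objects[(Bucket, Key)]
        return {"Body": io.BytesIO(body), "Metadata": meta}

if __name__ == "__main__":
    kms, s3 = FakeKMS(), FakeS3()
    put_encrypted(kms, s3, "alias/example-key", "example-bucket", "report.csv", b"constructed sample")
    print(get_decrypted(kms, s3, "example-bucket", "report.csv"))
```

With real boto3 clients, pass `boto3.client("kms")` and `boto3.client("s3")` in place of the stand-ins.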