Introduction
In this blog, we are going to discuss S3 storage encryption and security. By default, every bucket is private when we create it. Later, we can set up encryption and security.
Step 1
We can set up the access control to our bucket using
- Bucket Policy
- Access control lists
Bucket policies work at the bucket level, whereas access control lists go all the way down to individual objects. S3 buckets can also be configured to create access logs that record all the requests made to your S3 bucket.
S3 Bucket Encryption
Encryption is really important when we store our data in the cloud. Encryption in transit means that the traffic between your computer and the server is encrypted, so your data is secure while it travels. Encryption in transit is achieved with SSL and TLS. We can also encrypt the data itself, either on the client side or on the server side.
- Client-side encryption: You encrypt the data yourself before saving it to the cloud, and decrypt it yourself afterwards.
- Server-side encryption: On the server-side, Amazon will help you encrypt the data.
S3 Key management
There are three different types of managed keys. This is where Amazon manages the keys for you automatically. You don't need to worry about the keys at all. When we talk about keys, a key is just a way of encrypting the object and then decrypting it. It's just like you would use a key with a lock.
S3 Server Side Encryption
- SSE-S3: Server-side encryption with S3-managed keys.
- SSE-KMS: Server-side encryption with keys managed by AWS KMS.
- SSE-C: Server-side encryption with customer-provided keys. This is where you give Amazon your own keys, which you manage yourself, and S3 encrypts your objects with them.
Step 2
Let's go ahead and have a look at how we can do this in the AWS console. First, go to your AWS Management Console, click on S3 under Storage, and create your bucket. Please check the figure below, where we can see the S3 bucket.
Step 3
The next step is to click on the bucket so that you can see your individual objects or data. Please check the figure below.
Step 4
Next, click on the checkbox. Check the figure below.
After clicking on the encryption label, we will get a new window for selecting the encryption. Please select the AES-256 option and hit the save button. Please check the snapshot below.
After enabling encryption, please check the object properties. Check the snapshot below, in which we can see the encryption details.
In some unlikely events, such as an AWS data center being broken into or somebody hacking your storage, they would not be able to decrypt the file. Your file is now secured in the cloud through encryption.
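The same console steps can be done through the API. The Python below is an added example, not code from the original post: it sets the object to AES-256 (SSE-S3), confirms the result the way the object properties page does, and attaches a bucket policy that refuses non-TLS requests. It assumes boto3 is installed with credentials configured; the bucket and key names and all function names are placeholders.

```python
import json

def tls_only_policy(bucket):
    """Bucket policy that denies every request not sent over TLS."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [arn, f"{arn}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }],
    }

def is_sse_s3(head):
    """True if a head_object response reports SSE-S3 (AES-256)."""
    return head.get("ServerSideEncryption") == "AES256"

def encrypt_object_in_place(s3, bucket, key):
    """API equivalent of choosing AES-256 for one object in the console:
    copy the object onto itself with SSE-S3, then confirm via head_object.
    A single copy_object call handles objects up to 5 GB."""
    if not is_sse_s3(s3.head_object(Bucket=bucket, Key=key)):
        s3.copy_object(
            Bucket=bucket, Key=key,
            CopySource={"Bucket": bucket, "Key": key},
            ServerSideEncryption="AES256",
        )
    return is_sse_s3(s3.head_object(Bucket=bucket, Key=key))

def secure_bucket(bucket, key):
    """Attach the TLS-only policy, then encrypt and verify one object."""
    import boto3  # imported here so the helpers above work without boto3
    s3 = boto3.client("s3")
    s3.put_bucket_policy(Bucket=bucket,
                         Policy=json.dumps(tls_only_policy(bucket)))
    return encrypt_object_in_place(s3, bucket, key)

if __name__ == "__main__":
    # Placeholder names; replace with your own bucket and object key.
    print(secure_bucket("example-bucket", "example.txt"))
```
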
Summary
In this blog, we learned about how to secure our data in the S3 bucket by enabling server-side encryption.
I hope that you find it helpful.
Eat->Code->Sleep->Repeat.