From the course: AWS Administration: Security Operations

S3 Encryption

- [Narrator] For the encryption of data records stored in S3 buckets, we can protect the data in transit by connecting with SSL endpoints or VPC endpoints. SSL endpoints, obviously, across the internet. VPC endpoints, totally private. Our traffic flows on the Amazon private network. For protection of the data records at rest, we have the choices of server-side or client-side encryption. The data, encrypted at the object level, is going to be using AES 256-bit encryption. For S3 access, we can control that access with ACLs (Access Control Lists), bucket policies, which are resource policies defining what users can actually access the bucket contents, or specific IAM policies, which were assigned to the users. For Server-Side Encryption, abbreviated SSE-S3, server-side encryption with S3 is using managed keys. Each object is encrypted with a unique data key, which in turn is encrypted with the customer master key. We can also…
