Author: Hanson Char

In the previous blog (Part 4), we demonstrated how you can generate and consume pre-signed URLs using SSE-C. In this last and final blog of the series, I will provide code examples that show how to generate and consume pre-signed URLs using SSE-C, but restricting the URLs to be used only with specific customer-provided encryption […]

In Part 3 of this blog, we demonstrated how you can generate and consume pre-signed URLs using SSE-S3. In this blog, I will provide code examples to show how you can generate and consume pre-signed URLs using one of the more advanced options, namely SSE-C (server-side encryption with customer-provided encryption keys). The code samples assume the […]

As mentioned in Part 1 and Part 2 of this blog, there are fundamentally four ways you can generate Amazon S3 pre-signed URLs using server-side encryption (SSE). We demonstrated how you could do so with SSE-KMS (server-side encryption with AWS Key Management Service). In this blog, I will provide further sample code that shows how […]

One of the most powerful tools for accessing Amazon DynamoDB is the use of a DynamoDB domain-specific language (DSL) called expressions. If you look closely, you will find the support of DynamoDB expressions everywhere. For instance, you can access the attributes of an item using projection expressions. You can query or scan items using filter […]

To continue from the previous blog, I will provide specific code examples that show how you can generate and consume pre-signed URLs using server-side encryption with AWS Key Management Service (SSE-KMS). A pre-requisite to this option is that you must be using Signature Version 4 (SigV4). You can enable SigV4 in the AWS SDK for […]

By default, all objects and buckets are private in Amazon S3. Pre-Signed URLs are a popular way to let your users or customers upload or download specific objects to/from your bucket, but without requiring them to have AWS security credentials or permissions. In part 1 of this blog, we will take a look at all […]

Are you curious about how the Amazon S3 Encryption Java client makes use of meta information to support client-side encryption?  Have you ever wondered how you can write code in other languages that can encrypt/decrypt S3 objects in a format that is compatible with the AWS SDK for Java, or an AWS SDK for another […]

In an earlier blog, Taming client-side key rotation with the Amazon S3 encryption client, we introduced the putInstructionFile API that makes Amazon S3 client-side key rotation easy. In the long run, however, wouldn’t it be nice if you could eliminate the administrative overhead of managing your client-side master keys, and instead have them fully managed […]

As mentioned in an earlier blog, encrypting data using the Amazon S3 encryption client is one way you can provide an additional layer of protection for sensitive information you store in Amazon S3. Under the hood, the Amazon S3 encryption client randomly generates a one-time data encryption key per S3 object, encrypts the key using […]

With version 1.9.5 of the AWS SDK for Java, we are excited to announce the full support of S3 object encryption using AWS Key Management Service (KMS). Why KMS, you may ask? In a nutshell, AWS Key Management Service provides many security and administrative benefits, including centralized key management, better security in protecting your master […]