AWS Security Blog
Category: Amazon Simple Storage Service (S3)
How to restrict Amazon S3 bucket access to a specific IAM role
April 2, 2021: In the section “Granting cross-account bucket access to a specific IAM role,” we’ve updated the second policy to fix an error. I am a cloud support engineer here at AWS, and customers often ask me how they can limit Amazon S3 bucket access to a specific AWS Identity and Access Management (IAM) […]
How to Prevent Uploads of Unencrypted Objects to Amazon S3
There are many use cases to prevent uploads of unencrypted objects to an Amazon S3 bucket, but the underlying objective is to protect the confidentiality and integrity of the objects stored in that bucket. AWS provides several services that help make this process easier, such as AWS Identity and Access Management (IAM) and AWS Key […]
How to Manage Secrets for Amazon EC2 Container Service–Based Applications by Using Amazon S3 and Docker
Docker enables you to package, ship, and run applications as containers. This approach provides a comprehensive abstraction layer that allows developers to “containerize” or “package” any application and have it run on any infrastructure. Docker containers are analogous to shipping containers in that they provide a standard and consistent way of shipping almost anything. One […]
How to Use the REST API to Encrypt S3 Objects by Using AWS KMS
August 4, 2023: This blog post is out of date, and is in the process of being updated. AWS Key Management Service (AWS KMS) allows you to use keys under your control to encrypt data at rest stored in Amazon S3. The two primary methods for implementing this encryption are server-side encryption (SSE) and client-side […]
How to create a policy that provides selective access to sensitive Amazon S3 buckets
October 12, 2023: This blog is out of date. Please refer to this post instead: How to restrict Amazon S3 bucket access to a specific IAM role When it comes to securing access to your Amazon S3 buckets, AWS provides various options. You can utilize access control lists (ACLs), AWS Identity and Access Management (IAM) […]
Some AWS SDKs Security Features You Should Know About
The AWS SDK team recently added and documented some security-related features that we think you shouldn’t miss. Check these out! Updates for managing access keys in the .NET and Java SDKs. In Referencing Credentials using Profiles, blogger Norm Johanson describes how you can now put a credentials file in your user folder. This great security […]
Tracking Federated User Access to Amazon S3 and Best Practices for Protecting Log Data
Auditing by using logs is an important capability of any cloud platform. There are several third party solution providers that provide auditing and analysis using AWS logs. Last November AWS announced its own logging and analysis service, called AWS CloudTrail. While logging is important, understanding how to interpret logs and alerts is crucial. In this blog […]
CloudBerry Active Directory Bridge for Authenticating non-AWS AD Users to S3
One of the benefits of AWS is the highly available, durable, and practically unlimited cloud-based storage you can get with Amazon Simple Storage Services (Amazon S3). Over two trillion objects are already stored in S3 and customers are always finding more creative uses for S3. One of the more commonly requested use cases is how […]
Encrypting Data in Amazon S3
Readers have expressed interest in learning more about encryption and key management for protecting data stored in AWS. Amazon Simple Storage Service (S3) supports a server-side encryption feature where you can set a flag in the API or check a box in the AWS Management Console to automatically encrypt your data before it’s written to […]
Securing Access to AWS Using MFA – Part 3
In Part 1 (configuring MFA for sign-in) and Part 2 (MFA-protected API access) of this series, we discussed various ways in which AWS Multi-Factor Authentication (MFA) can improve the security of your account. This week’s topic will be a brief overview of how you can use MFA in conjunction with Amazon S3 Versioning. What is […]