AWS Security Blog

Category: Storage*

How to Manage Secrets for Amazon EC2 Container Service–Based Applications by Using Amazon S3 and Docker

Docker enables you to package, ship, and run applications as containers. This approach provides a comprehensive abstraction layer that allows developers to “containerize” or “package” any application and have it run on any infrastructure. Docker containers are analogous to shipping containers in that they provide a standard and consistent way of shipping almost anything. One […]

Read More

How to Use the REST API to Encrypt S3 Objects by Using AWS KMS

AWS Key Management Service (AWS KMS) allows you to use keys under your control to encrypt data at rest stored in Amazon S3. The two primary methods for implementing this encryption are server-side encryption (SSE) and client-side encryption (CSE). Each method offers multiple interfaces and API options to choose from. In this blog post, I […]

Read More

How to Create a Policy That Whitelists Access to Sensitive Amazon S3 Buckets

When it comes to securing access to your Amazon S3 buckets, AWS provides various options. You can utilize access control lists (ACLs), AWS Identity and Access Management (IAM) user policies, and S3 access policies. Even within S3 access policies, you have options to consider. You can use the Principal element, which allows you to utilize […]

Read More

Amazon Glacier Introduces Vault Lock

Amazon Glacier, which enables long-term storage of mission-critical data, has added Vault Lock. This new feature allows you to lock your vault with a variety of compliance controls that are designed to support such long-term records retention. You can now create a Vault Lock policy on a vault, and after it is locked, the policy […]

Read More

Some AWS SDKs Security Features You Should Know About

The AWS SDK team recently added and documented some security-related features that we think you shouldn’t miss. Check these out! Updates for managing access keys in the .NET and Java SDKs. In Referencing Credentials using Profiles, blogger Norm Johanson describes how you can now put a credentials file in your user folder. This great security […]

Read More

Encryption for EBS Volumes Can Help You with Security and Compliance

On May 21, AWS launched encryption for EBS volumes, a frequently requested feature, which can help you meet stricter security and encryption compliance requirements. You can now create an encrypted EBS volume and attach it to an EC2 instance. Data on the volume, disk I/O, and snapshots created from the volume are all encrypted. The […]

Read More

Tracking Federated User Access to Amazon S3 and Best Practices for Protecting Log Data

Auditing by using logs is an important capability of any cloud platform.  There are several third party solution providers that provide auditing and analysis using AWS logs.  Last November AWS announced its own logging and analysis service, called AWS CloudTrail.  While logging is important, understanding how to interpret logs and alerts is crucial.  In this blog […]

Read More

IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)

In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss another frequently asked-about topic: the distinction between IAM policies, S3 bucket policies, S3 ACLs, and when to use each. They’re all part of the AWS […]

Read More

CloudBerry Active Directory Bridge for Authenticating non-AWS AD Users to S3

One of the benefits of AWS is the highly available, durable, and practically unlimited cloud-based storage you can get with Amazon Simple Storage Services (Amazon S3).  Over two trillion objects are already stored in S3 and customers are always finding more creative uses for S3.  One of the more commonly requested use cases is how […]

Read More

Encrypting Data in Amazon S3

Readers have expressed interest in learning more about encryption and key management for protecting data stored in AWS. Amazon Simple Storage Service (S3) supports a server-side encryption feature where you can set a flag in the API or check a box in the AWS Management Console to automatically encrypt your data before it’s written to […]

Read More