AWS Security Blog
Tag: S3
Top 10 security best practices for securing data in Amazon S3
With more than 100 trillion objects in Amazon Simple Storage Service (Amazon S3) and an almost unimaginably broad set of use cases, securing data stored in Amazon S3 is important for every organization. So, we’ve curated the top 10 controls for securing your data in S3. By default, all S3 buckets are private and can […]
Read MoreAWS IAM Sessions at re:Invent 2015
As I said last week, the breakout sessions for the Security & Compliance track have been announced and are shown in the re:Invent 2015 session catalog. If you are going to re:Invent 2015, you can add these sessions to your schedule now. Today, I will highlight the AWS Identity and Access Management (IAM) sessions that […]
Read MoreIn Case You Missed Them: Some Recent Security Enhancements in AWS
With the steady cadence of updates and enhancements for AWS services, it can sometimes be easy to miss announcements about features that relate to security. Here are some recent security-related updates in AWS services that we’re excited about and that you might not have heard about. AWS Trusted Advisor inspects your AWS environment and finds […]
Read MoreSome AWS SDKs Security Features You Should Know About
The AWS SDK team recently added and documented some security-related features that we think you shouldn’t miss. Check these out! Updates for managing access keys in the .NET and Java SDKs. In Referencing Credentials using Profiles, blogger Norm Johanson describes how you can now put a credentials file in your user folder. This great security […]
Read MoreIAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)
Updated on January 8, 2019: Based on customer feedback, we updated the third paragraph in the “What about S3 ACLs?” section to clarify permission management. In previous posts we’ve explained how to write S3 policies for the console and how to use policy variables to grant access to user-specific S3 folders. This week we’ll discuss […]
Read MoreCloudBerry Active Directory Bridge for Authenticating non-AWS AD Users to S3
One of the benefits of AWS is the highly available, durable, and practically unlimited cloud-based storage you can get with Amazon Simple Storage Services (Amazon S3). Over two trillion objects are already stored in S3 and customers are always finding more creative uses for S3. One of the more commonly requested use cases is how […]
Read MoreEncrypting Data in Amazon S3
Readers have expressed interest in learning more about encryption and key management for protecting data stored in AWS. Amazon Simple Storage Service (S3) supports a server-side encryption feature where you can set a flag in the API or check a box in the AWS Management Console to automatically encrypt your data before it’s written to […]
Read MoreSecuring Access to AWS Using MFA – Part 3
In Part 1 (configuring MFA for sign-in) and Part 2 (MFA-protected API access) of this series, we discussed various ways in which AWS Multi-Factor Authentication (MFA) can improve the security of your account. This week’s topic will be a brief overview of how you can use MFA in conjunction with Amazon S3 Versioning. What is […]
Read MoreWriting IAM Policies: Grant Access to User-Specific Folders in an Amazon S3 Bucket
Many of you have asked how to construct an AWS Identity and Access Management (IAM) policy with folder-level permissions for Amazon S3 buckets. This week’s guest blogger Elliot Yamaguchi, Technical Writer on the IAM team, will explain the basics of writing that type of policy. To show you how to create a policy with folder-level […]
Read MoreWriting IAM Policies: How to Grant Access to an Amazon S3 Bucket
In this post, we’ll address a common question about how to write an AWS Identity and Access Management (IAM) policy to grant read-write access to an Amazon S3 bucket. Doing so helps you control who can access your data stored in Amazon S3. You can grant either programmatic access or AWS Management Console access to […]
Read More