AWS Storage Blog
Category: AWS Identity and Access Management (IAM)
Encrypt and decrypt files with PGP and AWS Transfer Family
1/11/2024: Updates made due to CloudShell migration to Amazon Linux 2023 (AL2023). Protecting sensitive data is not a novel idea. Customers in industries like financial services and healthcare regularly exchange files containing sensitive data, including Personally Identifiable Information (PII) and financial records, with their users. Pretty Good Privacy (PGP) encryption of these files is often […]
Disabling ACLs for existing Amazon S3 workloads with information in S3 server access logs and AWS CloudTrail
Access control lists (ACLs) are permission sets that define user access, and the operations users can take on specific resources. Amazon S3 was launched in 2006 with ACLs as its first authorization mechanism. Since 2011, Amazon S3 has also supported AWS Identity and Access Management (IAM) policies for managing access to S3 buckets, and recommends using […]
Enforcing encryption in transit with TLS1.2 or higher with Amazon S3
Update April 8, 2024: As of February 27th, 2024, all AWS service API endpoints (including for Amazon S3) now require a minimum of TLS version 1.2. Therefore, the S3 bucket and S3 Access Point policy examples in this post that enforce a minimum of TLS version 1.2 are no longer necessary, as this is the default […]
Failover Microsoft Azure workloads to AWS using AWS Elastic Disaster Recovery
Enterprises strive to make sure that business critical applications, workloads, and data remain available during planned and unplanned downtime. When using the cloud, organizations must make sure to apply the same approach to business continuity and disaster recovery as they would with on-premises infrastructure. Customers on the cloud can leverage AWS Elastic Disaster Recovery (AWS […]
Simplify and scale access management to shared datasets with cross-account Amazon S3 Access Points
In today’s interconnected and data-centric world, businesses must have access to the right data for data-driven decision-making, ultimately driving better business results. Collecting all the relevant data takes time and capital as it requires setting up data ingestion pipelines, hiring analysts to validate and interpret the data, and incorporating data insights that influence important […]
Automating AWS Backup pre- and post-script execution with AWS Step Functions
Customers execute custom scripts before or after a backup job to automate and orchestrate required and repetitive tasks. For example, customers running applications hosted in Amazon Elastic Compute Cloud (EC2) instances use scripts to complete application transactions, flush the buffers and caches, stop file I/O operations, or ensure that the application is idle, bringing the […]
Troubleshooting automated pre- and post-scripts for AWS Backup
Customers can use event-driven architectures with decoupled tasks to automate and orchestrate custom scripts for backup jobs. With event-driven architectures, troubleshooting is key to understanding failures at the component levels in order to resolve issues that arise and keep the entire automated workflow running smoothly. In the first post in this two-part blog series, we […]
Synchronize Amazon EC2 instance tags and instance type with AWS Elastic Disaster Recovery source servers
When performing disaster recovery, you recover your original systems and IT infrastructure to their original state at an alternate, available site. When you recover your servers, the recovered servers should match the original compute infrastructure to reduce the risk of underprovisioning or overprovisioning your recovery environment. This improves the likelihood that your recovery servers have […]
Using available Amazon EFS security features while migrating files with AWS DataSync
When performing an online data migration, an important requirement is often security in transit. When evaluating migration options, you should consider if the tools available can provide encryption of data in flight, to help prevent unauthorized users from reading your data. Amazon Elastic File System (EFS) provides the ability to encrypt data in transit by […]
Use AWS Backup and CI/CD tools to automate centralized backup across AWS services
Automating and scaling your data protection and backup strategy helps you reduce manual overhead from time-consuming configuration, minimizes the risk for errors, provides visibility on drift detection, and enhances backup policy compliance across distributed AWS workloads or accounts. Incorporating backup in your disaster recovery (DR) and business continuity plan (BCP), along with the automation of […]