AWS > Storage > Amazon Simple Storage Service (S3):
Security:
1. By default, all newly created buckets are PRIVATE.
2. You can set up access control to your buckets using:
2A. Bucket Policies: Control access at the bucket level
2B. Access Control Lists (ACLs): Control access to individual objects
3. S3 buckets can be configured to create access logs, which record all requests made to the bucket. The logs can be delivered to another bucket.
Encryption:
1. In Transit:
1A. SSL/TLS (HTTPS)
2. At Rest
2A. Server Side Encryption (SSE)
2a. S3 Managed Keys: SSE-S3 (AES 256-bit)
2b. AWS Key Management Service, Managed Keys: SSE-KMS
2c. Server Side Encryption With Customer Provided Keys: SSE-C
2B. Client Side Encryption
First published / Last updated: 2019.03.07 / 2020.06.09