Chalk Talk: Deep Dive on Security in Amazon S3 & Amazon Glacier (STG379-R3) - AWS re:Invent 2018
•
2 likes•507 views
Amazon S3 and Amazon Glacier provide some of the most enhanced data security features available in the cloud today. In this chalk talk, learn directly from the AWS engineering team that builds and maintains Amazon S3 security functionality, like encryption, public access visibility, and much more. Bring your feedback, questions, and expertise to discuss innovative ways to ensure that your data is available only to the users and applications that need it.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Chalk Talk: Deep Dive on Security in Amazon S3 & Amazon Glacier (STG379-R3) - AWS re:Invent 2018
Similar to Chalk Talk: Deep Dive on Security in Amazon S3 & Amazon Glacier (STG379-R3) - AWS re:Invent 2018 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Chalk Talk: Deep Dive on Security in Amazon S3 & Amazon Glacier (STG379-R3) - AWS re:Invent 2018
- 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Deep Dive on Security in Amazon S3 S T G 3 7 9 Sam Parmett Software Development Engineer Amazon S3 PD Dutta Sr. Product Manager Amazon S3
- 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Amazon Simple Storage Service (Amazon S3) access control mechanisms Amazon S3 encryption Monitoring access to Amazon S3 resources Securing data in Amazon Glacier Building permission models for data lakes
- 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Related sessions Wednesday, November 28 STG386-R2 - Builders Session: Secure Data in Amazon S3 & Amazon Glacier 5:30 – 6:30 PM | Mirage, Grand Ballroom B, Table7 Thursday, November 29 STG367-R2 - Optimizing Performance in Amazon S3 3:15 – 4:15 PM | MGM, Level 3, North Concourse 307
- 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 access control mechanisms • AWS Identity and Access Management (IAM) policy • AWS Organizations service control policy • Amazon S3 VPCE policy • Amazon S3 bucket policy • Amazon S3 access control lists (ACLs) • Amazon S3 Block Public Access
- 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 encryption support User encrypts the data on client-side and uploads to Amazon S3 HTTPS/TLS • SSE-S3 (Amazon S3 managed keys) • SSE-KMS (AWS Key Management Service [AWS KMS]) • SSE-C (customer provided keys) Server-Side Encryption Client-Side Encryption
- 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 default encryption Provides S3 encryption-at-rest support for applications that do not otherwise support encrypting data in S3 One time bucket level set up Automatically encrypts all new objects Supports SSE- S3 and SSE- KMS Simplified compliance
- 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Monitoring Amazon S3 security settings Bucket access control view in S3 console AWS Trusted Advisor Amazon MacieAWS Config rules S3-bucket-public-read-prohibited S3-bucket-public-write-prohibited
- 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Monitoring Amazon S3 security settings (cont.) AWS CloudTrail Object encryption status Amazon S3 Inventory Amazon S3 Server Access Logs
- 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Securing data in Amazon Glacier • Encryption at rest • Amazon Glacier vault access policy • Amazon Glacier vault lock • AWS CloudTrail integration
- 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Basic permission model for a data lake • Principle of least privilege • Deny access to unauthorized users • Allow access to required resources
- 12. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sam Parmett PD Dutta
- 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.