Amazon Web Services

My Bucket, My Rules

Amazon Web Services and Amazon via AWS Skill Builder

Overview

Languages Available: Español (Latinoamérica) | Français | Bahasa Indonesia | 日本語 | 한국어 | Português (Brasil) | 中文(简体)

With more than 100 trillion objects in Amazon Simple Storage Service (Amazon S3) and an almost unimaginably broad set of use cases, securing data stored in Amazon S3 is important for every organization.

You’re the bucket owner and you want to ensure that the bucket and its contents are compliant with the security guidelines and compliance regulations of your organization. This lab will demonstrate some examples of Amazon S3 preventative security best practices. Its goal is to provide you with the skills that you need to successfully configure and test policies to enforce the following:

      •    Where the bucket is accessed from

      •    Access permissions

      •    Encryption at rest and in transit

      •    The type of encryption that is required for compliance


Level

Intermediate


Duration

1 Hour 0 Minutes


Course objectives

In this course, you will learn how to:

      •    Configure the bucket policy to enforce HTTPS connections only.

      •    Configure the bucket policy to accept connections only through the virtual private cloud (VPC) endpoint.

      •    Configure the bucket policy to accept only object uploads that use an accepted encryption method and encryption key.

      •    Test these requirements using the AWS Command Line Interface (AWS CLI).


Intended audience

This course is intended for:

      •    Security engineers responsible for the operations of secure cloud infrastructure, platforms, and software.


Prerequisites

To successfully complete this lab, you should be familiar with the following services or features:

      •    Amazon S3

      •    AWS Identity and Access Management (IAM)

      •    Amazon Virtual Private Cloud (Amazon VPC)

      •    VPC gateway endpoints

      •    AWS Key Management Service (AWS KMS)


Course outline

Task 1: Testing Amazon S3 connectivity and uploading test objects

Task 2: Enforcing HTTPS connections

Task 3: Enforcing access to the bucket through the VPC endpoint

Task 4: Restricting object uploads to your preferred encryption option and AWS KMS key
