With more than 100 trillion objects in Amazon Simple Storage Service (Amazon S3) and an almost unimaginably broad set of use cases, securing data stored in Amazon S3 is important for every organization.
You’re the bucket owner and you want to ensure that the bucket and its contents are compliant with the security guidelines and compliance regulations of your organization. This lab will demonstrate some examples of Amazon S3 preventative security best practices. Its goal is to provide you with the skills that you need to successfully configure and test policies to enforce the following:
• Where the bucket is accessed from
• Access permissions
• Encryption at rest and in transit
• The type of encryption that is required for compliance
Level: Intermediate
Duration: 1 Hour 0 Minutes
Course objectives
In this course, you will learn how to:
• Configure the bucket policy to enforce HTTPS connections only.
• Configure the bucket policy to accept connections only through the virtual private cloud (VPC) endpoint.
• Configure the bucket policy to accept only object uploads that use an accepted encryption method and encryption key.
• Test these requirements using the AWS Command Line Interface (AWS CLI).
Intended audience
This course is intended for:
• Security engineers responsible for the operations of secure cloud infrastructure, platforms, and software.
Prerequisites
To successfully complete this lab, you should be familiar with the following services or features:
• Amazon S3
• AWS Identity and Access Management (IAM)
• Amazon Virtual Private Cloud (Amazon VPC)
• VPC gateway endpoints
• AWS Key Management Service (AWS KMS)
Course outline
Task 1: Testing Amazon S3 connectivity and uploading test objects
Task 2: Enforcing HTTPS connections
Task 3: Enforcing access to the bucket through the VPC endpoint
Task 4: Restricting object uploads to your preferred encryption option and AWS KMS key
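A single bucket policy that enforces the three requirements listed in the course objectives and covered by Tasks 2 through 4, written here as an added example rather than the lab's own solution; EXAMPLE-BUCKET, vpce-EXAMPLE and the KMS key ARN are placeholders to replace with your own bucket name, VPC gateway endpoint ID and key.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyNonHttpsRequests",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::EXAMPLE-BUCKET", "arn:aws:s3:::EXAMPLE-BUCKET/*"],
      "Condition": {"Bool": {"aws:SecureTransport": "false"}}
    },
    {
      "Sid": "DenyRequestsOutsideVpcEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::EXAMPLE-BUCKET", "arn:aws:s3:::EXAMPLE-BUCKET/*"],
      "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}
    },
    {
      "Sid": "DenyUploadsNotUsingSseKms",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}
    },
    {
      "Sid": "DenyUploadsUsingOtherKmsKey",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:REGION:ACCOUNT-ID:key/KEY-ID"}}
    }
  ]
}
```

Because the explicit Deny statements apply to every principal, the VPC endpoint statement also blocks your own administrative access from outside the VPC (including the console), so apply it last and test from an instance inside the VPC while keeping a path to update the policy. The two encryption statements evaluate the headers sent with each PutObject request, so test with uploads that explicitly omit or set the x-amz-server-side-encryption headers rather than relying on bucket default encryption.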