In a recent post on the AWS blog, Amazon announced the addition of several new security features to its S3 service. While AWS had offered a variety of security features prior to this update, these new additions can be useful to admins and organizations that are looking for ways to increase the security of the data.
Included in this AWS S3 security update are five new security features:
Default Encryption — Admins can now choose from among three server-side encryption options for Amazon S3 objects, including SSE-S3, SSE-KMS, and SSE-C. Additionally, admins can configure S3 buckets so that every object stored within them must be encrypted. What’s particularly nice about this option is that any unencrypted objects that get added to an S3 bucket, can be automatically encrypted.
Permission Checks — Amazon S3 buckets can now be secured using the same access control list (ACL) technology that’s used when applying Managed Configuration Rules. What’s more is that users can view each bucket’s access control level from within their dashboards. This can be particularly useful for checking permission levels at a glance when there are many S3 buckets on the same account.
Cross-Region Replication ACL Overwrite — When using Cross-Region Replication to copy objects from one bucket to another bucket on a different AWS account, users can now allow full access control list (ACL) access to the owner of the destination bucket. This splits the ownership of the source and destination data amongst the two accounts.
Cross-Region Replication with KMS — When replicating SSE-KMS encrypted objects across AWS regions, it can sometimes be difficult as KMS keys are region-specific. However, users are now able to set the destination key when configuring the replication. This makes it easier to replicate data across regions while ensuring that the data remains encrypted throughout the whole process.
Detailed Inventory Report — Users can now enable daily or weekly S3 inventory reports, enabling them to view information regarding the encryption of objects stored within their S3 buckets.
The above features are now available for use with Amazon’s S3 service. As for pricing, all of them can be enabled for free but it should be noted that users will be charged the standard rates for calls to KMS, S3 storage, S3 requests, and inter-region data transfer.
With many organizations are moving storage infrastructures to the cloud, it is crucial for admins to ensure that they are doing everything within their power to keep both organizational and user data safe. And with new security features like default encryption, secure object replication, and providing automated security inventory reports, Amazon is helping AWS S3 admins to do just that – keep user data secure in an efficient and effective manner.