S3 Security Best Practices

In this lab, we practice security best practices for securing data in Amazon S3.

To protect your data in Amazon S3, by default, users only have access to the S3 resources they create. You can grant access to other users using one or a combination of the following access management features: AWS Identity and Access Management (IAM) to create users and manage their respective permissions; Access Control Lists (ACLs) to grant specific users access to individual objects; bucket policies to configure permissions for all objects within a single S3 bucket; and query string authentication (presigned URLs) to grant time-limited access to others using a temporary URL. Amazon S3 also supports audit logging, which records the requests made against your S3 resources so that you have a complete view of who accessed which data.
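The "temporary URL" mechanism above is worth seeing from both sides. The following added example (it is not part of the lab or of any AWS SDK) reimplements SigV4 query-string signing for an S3 GET with only the Python standard library, then emulates the service-side check that a presigned URL is within its validity window and has not been altered. The access key, secret key, bucket name and object key are constructed placeholders, and the region is fixed to one value for simplicity; in practice you would call an SDK such as boto3's `generate_presigned_url` rather than signing by hand.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, unquote, urlparse

# Constructed sample credentials and names for the demo; not real AWS values.
ACCESS_KEY = "AKIAEXAMPLEEXAMPLE00"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REGION = "us-east-1"
BUCKET = "example-bucket"
MAX_EXPIRY_SECONDS = 604800  # S3 caps SigV4 presigned URLs at seven days


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    # SigV4 key derivation chain: date -> region -> service -> terminal string
    k_date = _hmac_sha256(("AWS4" + secret).encode("utf-8"), date)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, "s3")
    return _hmac_sha256(k_service, "aws4_request")


def _canonical_query(params: dict) -> str:
    # Sorted, RFC 3986-encoded key=value pairs, as SigV4 requires
    return "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(params.items())
    )


def _signature(secret: str, method: str, host: str, key: str, params: dict, amz_date: str) -> str:
    date = amz_date[:8]
    scope = f"{date}/{REGION}/s3/aws4_request"
    canonical_request = "\n".join([
        method,
        "/" + quote(key, safe="/-_.~"),   # canonical URI: the object key, URI-encoded once
        _canonical_query(params),
        f"host:{host}\n",                 # canonical headers (only host is signed here)
        "host",                           # signed headers list
        "UNSIGNED-PAYLOAD",               # presigned URLs do not sign the body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    return hmac.new(_signing_key(secret, date, REGION), string_to_sign.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def presign_get(key: str, expires: int, now: datetime) -> str:
    """Client side: build a time-limited GET URL for one object."""
    host = f"{BUCKET}.s3.{REGION}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{amz_date[:8]}/{REGION}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(SECRET_KEY, "GET", host, key, params, amz_date)
    return f"https://{host}/{quote(key, safe='/-_.~')}?{_canonical_query(params)}&X-Amz-Signature={sig}"


def verify_presigned(url: str, now: datetime):
    """Emulated service side: reject expired, malformed or tampered URLs.

    Any change to a signed parameter (for example stretching X-Amz-Expires)
    changes the canonical request, so the recomputed signature no longer matches.
    """
    parsed = urlparse(url)
    qs = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    presented = qs.pop("X-Amz-Signature", "")
    try:
        signed_at = datetime.strptime(qs["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = int(qs["X-Amz-Expires"])
    except (KeyError, ValueError):
        return False, "malformed"
    if not 1 <= expires <= MAX_EXPIRY_SECONDS:
        return False, "bad-expiry"
    if now < signed_at or now > signed_at + timedelta(seconds=expires):
        return False, "expired"
    expected = _signature(SECRET_KEY, "GET", parsed.netloc, unquote(parsed.path[1:]), qs, qs["X-Amz-Date"])
    if not hmac.compare_digest(expected, presented):
        return False, "bad-signature"
    return True, "ok"


def demo():
    """Returns (valid inside window, rejected after expiry, rejected when tampered)."""
    issued = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    url = presign_get("reports/q1.csv", 300, issued)
    in_window = verify_presigned(url, issued + timedelta(seconds=60))[0]
    after_expiry = verify_presigned(url, issued + timedelta(seconds=301))[0]
    stretched = url.replace("X-Amz-Expires=300", "X-Amz-Expires=86400")
    tampered = verify_presigned(stretched, issued + timedelta(seconds=60))[0]
    return in_window, after_expiry, tampered


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point of the two-sided check is that a presigned URL is a bearer credential: anyone holding it can make the request until it expires, but they cannot extend it or point it at a different object without invalidating the signature. That is why short `X-Amz-Expires` values and server access logging (to see who actually used the URL) belong together.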

Launch CloudFormation Template

Content

  1. Introduction
  2. Preparation
  3. Require HTTPS
  4. Require SSE-S3 Encryption
  5. Block Public ACLs
  6. Configure S3 Block Public Access
  7. Restrict Access to a S3 VPC Endpoint
  8. Use AWS Config Rules to Detect a Public Bucket
  9. Use Amazon Access Analyzer for S3
  10. Resource Cleanup