In this recipe, we will learn to encrypt data on S3 at rest using server-side encryption techniques. Encryption on the server side can be done in three ways: server-side encryption with S3-managed keys (SSE-S3), server-side encryption with KMS-managed keys (SSE-KMS), and server-side encryption with customer-provided keys (SSE-C). In client-side encryption, data is encrypted on the client side and then sent to the server.
- Title Page
- Copyright and Credits
- Dedication
- About Packt
- Contributors
- Preface
- Managing AWS Accounts with IAM and Organizations
- Securing Data on S3 with Policies and Techniques
- Technical requirements
- Creating S3 access control lists
- Creating an S3 bucket policy
- S3 cross-account access from the CLI
- S3 pre-signed URLs with an expiry time using the CLI and Python
- Encrypting data on S3
- Protecting data with versioning
- Implementing S3 cross-region replication within the same account
- Implementing S3 cross-region replication across accounts
- User Pools and Identity Pools with Cognito
- Key Management with KMS and CloudHSM
- Technical requirements
- Creating keys in KMS
- Using keys with external key material
- Rotating keys in KMS
- Granting permissions programmatically with grants
- Using key policies with conditional keys
- Sharing customer-managed keys across accounts
- Creating a CloudHSM cluster
- Initializing and activating a CloudHSM cluster
- Network Security with VPC
- Working with EC2 Instances
- Technical requirements
- Creating and configuring security groups
- Launching an EC2 instance into a VPC
- Setting up and configuring NAT instances
- Creating and attaching an IAM role to an EC2 instance
- Using our own private and public keys with EC2
- Using EC2 user data to launch an instance with a web server
- Storing sensitive data with the Systems Manager Parameter Store
- Using KMS to encrypt data in EBS
- Web Security Using ELBs, CloudFront, and WAF
- Technical requirements
- Enabling HTTPS on an EC2 instance 
- Creating an SSL/TLS certificate with ACM
- Creating a classic load balancer
- Creating ELB target groups
- Using an application load balancer with TLS termination at the ELB
- Using a network load balancer with TLS termination at EC2
- Securing S3 using CloudFront and TLS
- Configuring and using the AWS web application firewall (WAF)
- Monitoring with CloudWatch, CloudTrail, and Config
- Technical requirements
- Creating an SNS topic to send emails
- Working with CloudWatch alarms and metrics
- Creating a dashboard in CloudWatch
- Creating a CloudWatch log group
- Working with CloudWatch events
- Reading and filtering logs in CloudTrail
- Creating a trail in CloudTrail
- Using Athena to query CloudTrail logs in S3
- Cross-account CloudTrail logging
- Integrating CloudWatch and CloudTrail
- Setting up and using AWS Config
- Compliance with GuardDuty, Macie, and Inspector
- Additional Services and Practices for AWS Security
- Technical requirements
- Setting up and using AWS Security Hub
- Setting up and using AWS SSO
- Setting up and using AWS Resource Access Manager
- Protecting S3 Glacier vaults with Vault Lock
- Using AWS Secrets Manager to manage RDS credentials
- Creating an AMI instead of using EC2 user data
- Using security products from AWS Marketplace
- Using AWS Trusted Advisor for recommendations
- Using AWS Artifact for compliance reports
- Other Books You May Enjoy
Encrypting data on S3
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.