Exploring S3 Object level logging and Encryption | Scribe

    • Hafeez Baig |
    • 10 steps |
    • 3 minutes

    Refer to the following guide to learn how to use IAM in the cloud: <https://scribehow.com/shared/Creating_an_IAM_User_and_User_Group_in_AWS_Management_Console__hWNiiXlcRJKFqYZZEJD-cg>

    1

    Sign in to **AWS Management Console** as an **IAM User**.

    **Pre-requisite** - Ensure you have selected the AWS region closest to your location. For this guide, we will be using us-east-2 (Ohio) as a preferred choice.

    2

    Type **S3** in the search bar and click on **S3** to view the S3 Dashboard

    **What is Amazon S3?** Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web. S3 offers high availability, durability, and security for data storage needs.

    3

    On the S3 dashboard, under the **General purpose buckets** section, click on the name **my-aws-bucket-in28minutes**

    Refer to the following guide to learn how to create an S3 bucket: <https://scribehow.com/shared/Creating_an_S3_Bucket_and_Exploring_the_UI__0TFMdpbkQvS6jOisdkQjeA>

    4

    The **my-aws-bucket-in28minutes** wizard will open. Click on the **Permissions** tab and click on the **Properties** tab

    5

    Scroll to the **Default encryption** section

    **What is Default encryption in AWS?** By default, Amazon S3 automatically encrypts all new objects added to buckets using Server-Side Encryption with Amazon S3-managed keys (SSE-S3). This means your data is encrypted at rest using a 256-bit Advanced Encryption Standard (AES) key managed by Amazon. This adds an extra layer of security without any performance impact.

    6

    Click on the **Edit** button

    7

    The **Edit default encryption** wizard will open. Scroll to the Default encryption section and under **Encryption type** choose the option **Dual-layer server-side encryption with AWS Key Management Service keys (DSSE-KMS)**

    **In Amazon Web Services (AWS), there are several encryption types:**

    **SSE-S3 (Server-Side Encryption with Amazon S3-managed keys):** AWS manages the encryption and decryption of data stored in Amazon S3. It uses an AES-256 encryption algorithm.

    **SSE-KMS (Server-Side Encryption with AWS Key Management Service):** Similar to SSE-S3, but it allows you to use AWS Key Management Service (KMS) to manage encryption keys, providing more control over access and auditing.

    **DSSE-KMS (Dual-layer Server-Side Encryption with AWS Key Management Service):** AWS automatically encrypts objects stored in S3 using KMS-managed keys, applying two layers of encryption as the name indicates. This simplifies encryption setup by defaulting to KMS for encryption.

    8

    Scroll to the **AWS KMS key** section and choose the option **Enter AWS KMS key ARN**

    **What is an AWS KMS key?** AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data.

    9

    Alternatively, you can create an **AWS KMS key** and then choose it from the list of Available AWS KMS keys from the dropdown

    10

    Scroll the page and click on the **Save changes** button
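
One way to confirm the result of steps 5 to 10 from code, as an added example that is not part of the original guide: it builds the configuration body that the S3 `PutBucketEncryption` API accepts for DSSE-KMS and audits a `GetBucketEncryption` response against it. The key ARN, the account ID and both sample responses are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed placeholder ARN (not a real key); us-east-2 is the guide's region.
SAMPLE_KEY_ARN = ("arn:aws:kms:us-east-2:111122223333:"
                  "key/1234abcd-12ab-34cd-56ef-1234567890ab")
KMS_KEY_ARN_RE = re.compile(
    r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$")


def dsse_kms_config(key_arn):
    """Build the ServerSideEncryptionConfiguration body for PutBucketEncryption."""
    if not KMS_KEY_ARN_RE.match(key_arn):
        raise ValueError(f"not a KMS key ARN: {key_arn!r}")
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms:dsse", "KMSMasterKeyID": key_arn}}]}


def audit_default_encryption(response, expected_key_arn):
    """Return findings for a GetBucketEncryption response; empty list = compliant."""
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return ["no default encryption rule returned"]
    findings = []
    for i, rule in enumerate(rules):
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo, key = default.get("SSEAlgorithm"), default.get("KMSMasterKeyID")
        if algo != "aws:kms:dsse":
            findings.append(f"rule {i}: SSEAlgorithm is {algo!r}, not 'aws:kms:dsse'")
        if algo in ("aws:kms", "aws:kms:dsse") and key is None:
            findings.append(f"rule {i}: no key set, AWS managed key aws/s3 applies")
        elif key is not None and key != expected_key_arn:
            findings.append(f"rule {i}: key {key!r} is not the expected key")
    return findings


# Constructed responses: the SSE-S3 default before step 7, and the state after step 10.
BEFORE = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"},
     "BucketKeyEnabled": False}]}}
AFTER = {"ServerSideEncryptionConfiguration": dsse_kms_config(SAMPLE_KEY_ARN)}

if __name__ == "__main__":
    for label, resp in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_default_encryption(resp, SAMPLE_KEY_ARN) or "compliant")
```

The dictionary returned by `dsse_kms_config`, serialized as JSON, is the value that `aws s3api put-bucket-encryption --server-side-encryption-configuration` expects.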

    In conclusion, we explored Object-level logging and Encryption configurations in Amazon S3. Object-level logging enables tracking of API activity through CloudTrail, while encryption options like SSE-S3 and KMS ensure data security. Implementing these practices enhances data protection and compliance in the AWS environment.

    Congratulations on completing the lab and exploring S3 object-level logging and encryption! Well done!