Amazon Web Services has rolled out five new security and encryption features for its Simple Storage Service (S3) to make it easier for customers to protect their data.
Amazon launched S3 back in 2006 with each block of it protected by an Access Control List (ACL) that kept developers' data private, shared for reading, or shared for both reading and writing, as needed.
Since then, AWS has added many features, including bucket policies, server access logging, versioning, API logging and encryption, to keep data safer. AI and machine learning support was also added with Amazon Macie, a tool for discovering, classifying and securing content at scale.
But recently, some of the leading companies that use AWS S3 buckets to store their confidential data found that their data was exposed on the web.
In response, AWS announced five new security features for its S3 platform.
Default Encryption
Objects stored in S3 were not previously encrypted by default, and enforcing encryption was a complicated process in which users had to create a bucket policy to reject objects that were not encrypted.
With the update, users can now be confident that all the objects in a bucket presented to S3 are automatically encrypted. The new encryption features have three server-side encryption options: SSE-S3 with keys managed by S3, SSE-KMS with keys managed by AWS KMS, and SSE-C with keys managed by users.
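The contrast between the two approaches, as an added example that is not from the original article or from AWS: the older deny-unencrypted-uploads bucket policy beside a bucket default encryption configuration, with a deliberately simplified model of how one upload fares under each. The bucket name, key ID, sample request headers and the upload_outcome model are assumptions made for illustration, and the model covers only the SSE-S3 and SSE-KMS request header.

```python
BUCKET = "example-bucket"  # constructed placeholder, not from the article
SSE_KEY = "s3:x-amz-server-side-encryption"  # policy condition key for the SSE header

def legacy_deny_policy(bucket):
    """Older approach: bucket policy that rejects PutObject without an SSE header."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnencryptedUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"Null": {SSE_KEY: "true"}},
        }],
    }

def default_encryption(algorithm="AES256", kms_key_id=None):
    """Bucket default encryption configuration: AES256 = SSE-S3, aws:kms = SSE-KMS."""
    rule = {"SSEAlgorithm": algorithm}
    if algorithm == "aws:kms" and kms_key_id:
        rule["KMSMasterKeyID"] = kms_key_id
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": rule}]}

def upload_outcome(headers, policy=None, encryption=None):
    """Simplified model (an assumption) of one PutObject: denied, encrypted or plaintext."""
    sse = headers.get("x-amz-server-side-encryption")
    for stmt in (policy or {}).get("Statement", []):
        requires_header = stmt.get("Condition", {}).get("Null", {}).get(SSE_KEY) == "true"
        if stmt.get("Effect") == "Deny" and requires_header and sse is None:
            return "denied"  # the policy is evaluated before anything is stored
    if sse:
        return f"encrypted:{sse}"  # an explicit request header takes precedence
    if encryption:
        rule = encryption["Rules"][0]["ApplyServerSideEncryptionByDefault"]
        return f"encrypted:{rule['SSEAlgorithm']}"  # bucket default applied
    return "plaintext"

if __name__ == "__main__":
    import json
    print(json.dumps(legacy_deny_policy(BUCKET), indent=2))
    print(json.dumps(default_encryption(), indent=2))
    for hdrs in ({}, {"x-amz-server-side-encryption": "aws:kms"}):  # constructed requests
        print(hdrs, upload_outcome(hdrs, policy=legacy_deny_policy(BUCKET)),
              upload_outcome(hdrs, encryption=default_encryption()))
```

In this model a header-less upload is still denied when the older policy is left in place alongside default encryption, which is worth checking for when a bucket has both.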
Permission Checks
AWS now lets users see the impact of changes they make to bucket policies and ACLs, so that they can correct a problem as soon as they find it.
Cross-Region Replication ACL Overwrite
This feature helps users copy critical objects to a separate and distinct destination account that accesses multiple AWS regions. It enhances the existing ACL feature in S3 to let developers control the privacy setting of every block. Further, they can access permissions for the files, and the settings will be automatically replicated to another region if the files are replicated.
Cross-Region Replication with KMS
Users can now easily establish the destination key when setting up cross-region replication with AWS Key Management Service (KMS). The replicated objects are sent to the destination over an SSL connection and remain in their original encrypted form; only the envelopes containing the keys are changed.
Detailed Inventory Report
The Detailed Inventory Report contains the encryption status for all objects, and the reports themselves can now be encrypted.
The new security and encryption features are already available, and S3 users can start using them at no additional charge.