Amazon S3 Security

Question 1

What are the four encryption options in S3?

Answer 1

Question 2

How does Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) in S3 work? And what is the encryption type?

Answer 2

Question 3

How does Server-Side Encryption with KMS Keys stored in AWS KMS (SSE-KMS) in S3 work?

Answer 3

Question 4

What are the limits of using Server-Side Encryption with KMS Keys stored in AWS KMS (SSE-KMS)?

Answer 4

Question 5

How does Server-Side Encryption with Customer-Provided Keys (SSE-C) in S3 work?

Answer 5

Question 6

How does Client-Side Encryption in S3 work?

Answer 6

Question 7

How does Encryption in transit (SSL/TLS) in S3 work?

Answer 7

Question 8

How would you force encryption in transit for an S3 bucket?

Answer 8

Question 9

How does default encryption in S3 work with encryption enforced by bucket policies?

Answer 9

Question 10

What is CORS?

Answer 10

Question 11

How does a CORS request actually work?

Answer 11

Question 12

How does CORS apply to Amazon S3?

Answer 12

Question 13

How does the security feature, MFA Delete, work in S3?

Answer 13

Question 14

What are S3 Access Logs and how do they work?

Answer 14

Question 15

What happens if you set the logging bucket to be the same as the monitored bucket for S3 Access Logs?

Answer 15

Question 16

What are Amazon S3 Presigned URLs?

Answer 16

Question 17

What is S3 Glacier Vault Lock?

Answer 17

Question 18

What is S3 Object Lock?

Answer 18

Question 19

What are S3 Access Points?

Answer 19

Question 20

How does the VPC Origin for S3 Access Points work?

Answer 20

Question 21

What is a way to control access to S3 data using Lambdas?

Answer 21