S3

Question 1

Encryption methods (encrytion at rest) for S3

Answer 1

• Client-side: Object is encrypted before the transit
• Server-side: Object is encrypted after the transit by the S3 infrastructure

Question 2

S3 Static Website Hosting is used for?

Answer 2

• Offloading: offload static media from EC2 to S3
• Out-of-band pages: backup website in case the host server needs maintenance

Question 3

S3 Encryption is not on…

Answer 3

• S3 Encryption is not on theBucket but on the Object
• Can set default Encryption Method in Bucket Properties

Question 4

S3 Server-side encryption has 2 components

Answer 4

• Encryption, decryption
• Generation, management of the Keys

Question 5

S3 Server-side encryption uses algorithm?

Answer 5

AES256

Question 6

S3 Server-side encryption types:

Answer 6

• SSE-C
• SSE-S3
• SSE-KMS: AWS Managed Key, User Managed Key

Question 7

Benefits of SSE-KMS?

Answer 7

• Users generate and manage their KMS Key (rotation, key policy)
• Role separation
• Integrate with audit services like CloudTrail to log all the Key’s usages

Question 8

What happens if the Admin User has full access to an S3 bucket but is denied to KMS access, which is used to encrypt some Objects inside the S3 bucket?

Answer 8

The Admin User will be blocked from accessing the Object which is encypted by the Key generated in KMS