Section 14: Amazon S3 Security Flashcards
Which are the 4 methods of encryption we can use with Amazon S3?
- Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
- Server-Side Encryption with KMS Keys stored in AWS KMS (SSE-KMS)
- Server-Side Encryption with Customer-Provided Keys (SSE-C)
- Client-Side Encryption
Which header do you need to set when uploading a file to S3 to enable SSE-S3?
"x-amz-server-side-encryption": "AES256"
Which header do you need to set to enable SSE-KMS in S3?
"x-amz-server-side-encryption": "aws:kms"
You would like to add a user-specific watermark on the images retrieved from an S3 bucket. How can you do this?
Using access points.
Create an S3 Object Lambda Access Point to invoke a Lambda function. The function will request the S3 object from a dedicated S3 Access Point and handle the logic to add the watermark.
What are S3 access points?
Access Points simplify security management for S3 buckets. You can create an S3 Access Point and point it to a specific folder in the bucket, so no other folders or objects are available. Access point policies are used to manage security.