Increasing Your Security Posture when Using Amazon S3
S3 Encryption Mechanisms
Amazon S3 Lifecycle Configurations
Introduction to Amazon EFS
EFS in Practice
Amazon Elastic Block Store (EBS)
AWS Storage Gateway
Performance Factors Across AWS Storage Services
The course is part of this learning path
This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core storage concepts and services relevant to the SAP-C02 exam. We start with an introduction to AWS storage services, understand the options available, and learn how to select and apply AWS storage services to meet specific requirements.
- Obtain an in-depth understanding of Amazon S3 - Simple Storage Service
- Learn how to improve your security posture in S3
- Get both a theoretical and practical understanding of EFS
- Learn how to create an EFS file system, manage EFS security, and import data in EFS
- Learn about EC2 storage and Elastic Block Store
- Learn about the different performance factors associated with AWS storage services
Server-Side Encryption with Customer Provided Keys, SSE-C. The encryption process is as follows. Firstly, a client uploads Object Data and the Customer-provided Key to S3 for a HTTPS. It will only work with the HTTPS connection. Otherwise, S3 will reject it. S3 will then use the Customer-provided Key to encrypt the Object Data. S3 will also create a sorted HMAC value of the Customer-provided Key for future validation requests. The encrypted Object Data, along with the HMAC value of the Customer Key is then saved and stored on S3. The Customer-provided Key is then removed from memory. The decryption process is as follows. A request is made by the client via HTTPS connection to S3 to retrieve the Object Data. At the same time, the Customer-provided Key is also sent with the request. S3 uses the HMAC value of the same key to confirm it's validity of the requested object. The Customer-provided Key is then used to decrypt the encrypted Object Data. The Object Data is then sent back to the client.
Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.