Keep your data safe and sound on Amazon S3, check out the new security updates!
Amazon S3 is one of the most popular data storage platforms today. It’s used for many different use cases like data leaks, backup and storage, archiving or cloud native applications like salesforce. Most commonly developers can integrate salesforce with Amazon S3 to build applications, Drive business intelligence and optimize S3 as a storage repository for raw data in its native format.
Amazon AWS recently pushed a security update in January 2023. The update applied server side encryption for each new object in Amazon S3. And the best part is, nothing has to be done from the user side. This is particularly useful for organizations that require all their objects to remain encrypted at rest with SSE-S3. Thus the encryption compliance requirements are met without any additional tools or client configuration changes.
You still have the option to encrypt your data with customer provided encryption keys, or AWS key management services, if you wish to move away from the default server side encryption.
As of April 2023, businesses worldwide are anticipating two new security updates to Amazon Simple Storage Service or Amazon S3.
Let’s see what the updates are
- Blocking all public access: Amazon S3 is a storage service that stores data within buckets. To store any data one first creates a bucket and a WS region. The AWS identity and access management web service also helps securely control access, centrally manage permissions and specify authorization for resources.
The new update will provide security at the account level on all individual buckets, including those created in the future. The user has the ability to block existing public access and to ensure public access is not granted to newly created items. All newly created buckets (via the S3 API, S3 CLI, AWS Software Development Kits or AWS CloudFormation templates) in S3 will by default have VS3 block public access enabled and Access Control List disabled. This means all buckets newly created will not be publicly available and hence will remain secure. This has been recommended as the best practice and allows you more control over data access.
If one needs to grant public access for a new bucket it can be created as usual and then simply delete the public access block.. With this change Amazon wishes to impress upon its users that public access is to be used only for web hosting.
- Disabling of ACLs: According to this update the Original creator of the bucket will be The default owner. Does all the data stored in the bucket Will also be only directly owned by the owner.
Just to ensure that no matter who uploads data or objects in the bucket the ownership remains the same and hence the data is not easily altered. However if one wants to enable change in ownership they can do so with the Delete bucket ownership controls permission once the bucket is created.
With these security updates Amazon S3 makes your stored data more secure and gives you more control over who can access this data with minimal actions needed from the user’s side. Making it an even more powerful tool when used with the salesforce platform.