Amazon’s Simple Storage Service (S3) solution will be receiving new encryption and security features designed to keep data safe. The new features include default encryption, permission checks, cross-region replication Access Control List (ACL) overwrite, cross-region replication with KMS, and a detailed inventory report.
AWS S3 recently made headlines for open buckets (storage units) that left data vulnerable. Some of the new features announced today are meant to address these open-bucket issues.
Default encryption provides three server-side encryption options for S3 objects. In addition, it enables users to “mandate that all objects in a bucket must be stored in encrypted form without having to construct a bucket policy that rejects objects that are not encrypted,” Jeff Barr, chief evangelist for AWS, wrote in a post.
S3 will now display an indicator next to each publicly accessible bucket, along with information on what permission elements are enabling that access. “You will know right away if you open up a bucket for public access, allowing you to make changes with confidence,” Barr wrote.
The new cross-region replication ACL overwrite feature lets users specify that replicated objects get a new ACL that gives full access to the destination account. “With this change, ownership of the source and the destination data is split across AWS accounts, allowing you to maintain separate and distinct stacks of ownership for the original objects and their replicas,” wrote Barr. Replicated objects can now also be encrypted and managed with AWS Key Management Service (KMS).
Finally, the inventory report now shows the encryption status of each object.