AWS Storage Blog
Category: Security, Identity, & Compliance
Protecting backup archives with WORM and Tape Retention Lock
Many AWS customers use AWS Storage Gateway’s Tape Gateway to back up and archive long-term mission-critical on-premises data in Amazon S3 Glacier and Amazon S3 Glacier Deep Archive. Customers in regulated industries are mandated by governance policies or regulatory compliance rules to retain their data for many years, or even indefinitely. For example, large banks, broker-dealers, and […]
Managing backups at scale in your AWS Organizations using AWS Backup
Customers want the ability to have a standardized way to manage their backups at scale with AWS Backup and their AWS Organizations. AWS Backup offers a centralized, managed service to back up data across AWS services in the cloud and on premises using AWS Storage Gateway. AWS Backup serves as a single dashboard for backup, restore, […]
Changing your Amazon S3 encryption from S3-Managed to AWS KMS
Customers who use Amazon Simple Storage Service (Amazon S3) often take advantage of S3-managed encryption keys (SSE-S3) for server-side object encryption (SSE). For many customers, the decision to use SSE-S3 meets their security requirements, as it protects their data at rest. However, for some other customers, SSE-S3 may have met their requirements initially, but their […]
Replicating existing objects between S3 buckets
UPDATE (8/25/2021): The walkthrough in this blog post for setting up a replication rule in the Amazon S3 console has changed to reflect the updated Amazon S3 console. UPDATE (2/10/2022): Amazon S3 Batch Replication launched on 2/8/2022, allowing you to replicate existing S3 objects and synchronize your S3 buckets. See the S3 User Guide for […]
AWS Identity and Access Management on AWS Snowball Edge
Many of our customers use AWS Snowball Edge devices for secure data transfer and edge computing applications. Recently, AWS announced support for AWS Identity and Access Management (IAM) on Snowball Edge. Before the introduction of IAM on Snowball Edge, IT administrators shared a single access key/secret key combination with all the users who wanted to […]
How Zalando built its data lake on Amazon S3
Founded in 2008, Zalando is Europe’s leading online platform for fashion and lifestyle with over 32 million active customers. I am a lead data engineer at Zalando and a steady contributor to the company’s cloud journey. In this blog post, I cover how Amazon Simple Storage Service (Amazon S3) became a cornerstone of the data […]
Encrypting existing Amazon S3 objects with the AWS CLI
Encryption of data at rest is increasingly required by industry protocols, government regulations, and internal organizational security standards. Encryption helps you protect your stored data against unauthorized access and other security risks. Amazon S3’s default encryption can be used to automate the encryption of new objects in your bucket, but default encryption does not change […]
Deploying Amazon FSx for Windows File Server into a shared VPC
As enterprises continue to move more of their application footprint to the cloud, they quickly realize that they need a solution for their file data. While many modern applications are built to interact with API driven storage services, like object stores, NoSQL, or graph databases (among others), there are still a large number of workloads […]
AWS Storage Gateway adds File Gateway audit logs
UPDATE 9/8/2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. As customers expand their use of cloud services, they must often align their security and compliance processes with existing enterprise requirements. In a hybrid cloud storage environment that includes both on-premises storage and cloud storage, it can be challenging for customers […]
Monitor, review, and protect Amazon S3 buckets using Access Analyzer for S3
At AWS, Security is more than just features – it’s a mindset. Today, we announced Access Analyzer for S3, a new feature that monitors your resource policies so you don’t have to. By default, all buckets and objects created in S3 are private. AWS enables you with mechanisms like Access Control Lists (ACLs) and Bucket […]