AWS Storage Blog
Category: Security, Identity, & Compliance
Protecting encrypted Amazon RDS instances with cross-account and cross-Region backups
Organizations are looking for solutions to protect their valuable data against ransomware attacks, natural disasters, and operational errors. Many of these organizations operate in regulated industries and must maintain data long-term to meet compliance obligations and business continuity goals. In AWS, customers can accomplish these goals by backing up mission-critical databases into centralized backup storage […]
How Simon Data reduced encryption costs by using Amazon S3 Bucket Keys on existing objects
As more organizations look to operate faster and at scale, they need ways to meet critical compliance requirements and improve data security. Encryption is a critical component of a defense in depth strategy, and when used correctly, can provide an additional layer of protection above basic access control. However, workloads that access millions or billions […]
Allowing external users to securely and directly upload files to Amazon S3
Organizations are often required to store files, images, and other digital assets in a repository. In many cases, the source of these files are partners or individuals who are not connected to internal systems and requires corporate authentication in order to upload the files. Customers traditionally use servers to handle file uploads, which can use […]
Automate visibility of backup findings using AWS Backup and AWS Security Hub
Centralizing and automating data protection helps you support your business continuity and regulatory compliance goals. Backup compliance includes the ability to define and enforce backup policies to encrypt your backups, protect them from manual deletion, prevent changes to your backup lifecycle settings, and audit and report on backup activity from a centralized console. A common […]
Enabling user self-service key management with AWS Transfer Family and AWS Lambda
Customers who use the AWS Transfer Family service are typically exchanging files with their business partners who provide them with SSH public keys. In a large-scale deployment of the AWS Transfer Family service, public key management eventually becomes a time-consuming task to refresh expired keys and rotate keys for security. When using custom identity providers (custom IdP), […]
Managing access to your Amazon S3 objects with a custom authorizer
Data protection is critical for most customers seeking to safeguard information, maintain compliance, secure applications, and more. Protecting data can become challenging when different entities or personas need different levels of access to data. In Amazon S3, access control can be managed with tools like AWS Identity and Access Management (IAM) policies, bucket policies, access […]
Simplify auditing your data protection policies with AWS Backup Audit Manager
Have you had to prove to an auditor that you are protecting and retaining data adequately to meet regulatory or organizational requirements? The audit process can be resource intense. To meet an auditor’s criteria, the burden of proof is on you to show that you had proper controls in place to protect and retain your […]
Obtain aggregated daily cross-account multi-Region AWS Backup reporting
UPDATE (2/3/2022): Source code extended to support AWS Backup for Amazon S3. UPDATE (6/24/2022): Source code updated to support tag extraction to support cost allocation reporting. Customers treat data as an asset and look to protect their data assets through data protection mechanisms. Customers value the seamless ability to report and act on data protection […]
Copying objects greater than 5 GB with Amazon S3 Batch Operations
Update (3/4/2022): Added support for Glacier Instant Retrieval storage class. Update (4/19/2022): Included the copy destination prefix parameter in the Amazon CloudFormation template. Update (10/26/2022):Added performance guidance and best practices, and included template optimized for copying objects restored from archive to a different storage class. A large number of customers store their data in Amazon […]
Enhance the security posture of your backups with AWS Backup Vault Lock
When dealing with backups, data managers frequently ask, “how do I prevent my backups from being accidentally or maliciously deleted?” or “what can I do to enhance protection against ransomware?” In highly regulated industries, WORM* (write-once-read-many) compliance is required for backups and archives. WORM compliance means immutability and an immutable backup helps in the recovery […]