Protecting S3 Files

In this lesson, you will learn how to protect your files through encryption when you store them in S3.

We'll cover the following

Encrypting files

Encrypting files #

Users can now upload files, but they may rightly be concerned about security and privacy. You can encrypt the file contents to protect them. In a typical three-tier server application, an application server could receive user data and then encrypt it before saving it to S3. With a direct upload, you can’t control what is sent to S3, because you’ve removed the gatekeeper. You could try encrypting this on the client device before sending it, but then you couldn’t use just a simple browser form. Plus, you’d have to somehow send your encryption keys to client devices, which can create a security nightmare. Because encryption was such a common need, AWS implemented it as part of the platform. With serverless architectures, most gatekeeper roles are passed onto the platform, not to a Lambda function.

You can just flip a switch and all newly created files on S3 will be encrypted at rest, regardless of where they come from. With CloudFormation, that switch is behind the BucketEncryption property of the AWS::S3::Bucket resource. You can change the template resource definition for the bucket to look like this:

Get hands-on with 1200+ tech skills courses.

Getting Started

Setup Tools for Local Development

Creating a Web Service

Host a Serverless Application on AWS Lambda

Development and Troubleshooting

Core Features of AWS Lambda

Handling HTTP Requests

Using External Storage

Cheaper, Faster, Serverless

Handling Platform Events

Using Application Components

Managing Sessions and User Workflows

Designing Robust Applications

Deployment Options

Process Amazon SNS Notifications with AWS Lambda

Protecting S3 Files

Encrypting files #