AWS S3 x Mindflow

AWS S3

By mindflow

AWS Simple Storage Service (AWS S3) and Mindflow have partnered to enable users to automate their incident management and better protect their information systems.

AWS S3 Overview

AWS S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. 

Customers can use Amazon S3 to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. 

AWS S3 provides management features so that you can optimize, organize, and configure access to your data to meet your specific business, organizational, and compliance requirements.

The solution further protects your data using versioning. You can use versioning to preserve, retrieve, and restore every version of every object that is stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures. By default, requests retrieve the most recently written version. You can retrieve older versions of an object by specifying a version of the object in a request.

To protect data at rest in AWS S3, you can use server-side encryption: you request Amazon S3 to encrypt your object before saving it on disks in its data centers and to decrypt it when you download it.

S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. By default, when another AWS account uploads an object to your S3 bucket, that account (the object writer) owns the object, has access to it, and can grant other users access to it through ACLs. 

You can use S3 Object Ownership to change this default behavior. When ACLs are disabled, you, as the bucket owner, automatically own every object in your bucket. As a result, access control for your data is based on policies, such as IAM policies, S3 bucket policies, virtual private cloud (VPC) endpoint policies, and AWS Organizations service control policies (SCPs).

You can use S3 Object Lock to store objects using a write once, read many (WORM) model. Using S3 Object Lock, you can prevent an object from being deleted or overwritten for a fixed amount of time or indefinitely. S3 Object Lock enables you to meet regulatory requirements that require WORM storage, or simply to add a layer of protection against object changes and deletion.

Benefits

  • Enable versioning to keep multiple variants of an object in the same bucket to easily recover from both unintended user actions and application failures
  • Enforce encryption of data in transit with HTTPS (TLS) to prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks
  • Use AWS S3 Object Lock to store objects using a “Write Once Read Many” model
  • Ensure that your Amazon S3 buckets use the correct policies and are not publicly accessible with Amazon S3 block public access
  • Implement least-privilege access to your Amazon S3 resources: when granting permissions, you decide who gets which permissions
  • Consider encryption of data at rest in Amazon S3 with Server-Side encryption or Client-Side Encryption
  • Enable Amazon S3 server access logging for detailed records of the requests that are made to a bucket
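
The checklist above can be evaluated automatically per bucket. The following is an added example, not Mindflow or AWS code: it takes a bucket's settings as dicts shaped like the S3 API response bodies (GetBucketVersioning, GetPublicAccessBlock, GetBucketPolicy and so on) and returns the checks that fail. The `cfg` key names, the function names and the sample data are assumptions made for this illustration, and least privilege is left out because it needs policy review rather than a flag check.

```python
import json

def denies_plain_http(policy_json):
    """True if a Deny statement matches requests where aws:SecureTransport is false."""
    if not policy_json:
        return False
    stmts = json.loads(policy_json).get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be given without a list
        stmts = [stmts]
    for s in stmts:
        flag = s.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if s.get("Effect") == "Deny" and str(flag).lower() == "false":
            return True
    return False

def audit_bucket(cfg):
    """cfg: dict of S3 response bodies (missing key = not configured). Returns failed checks."""
    pab = cfg.get("public_access_block", {}).get("PublicAccessBlockConfiguration", {})
    own = cfg.get("ownership", {}).get("OwnershipControls", {}).get("Rules", [])
    sse = cfg.get("encryption", {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    lock = cfg.get("object_lock", {}).get("ObjectLockConfiguration", {})
    checks = {
        "versioning": cfg.get("versioning", {}).get("Status") == "Enabled",
        "tls_only_policy": denies_plain_http(cfg.get("policy", {}).get("Policy")),
        "object_lock": lock.get("ObjectLockEnabled") == "Enabled",
        "block_public_access": all(pab.get(k) is True for k in (
            "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")),
        "acls_disabled": any(r.get("ObjectOwnership") == "BucketOwnerEnforced" for r in own),
        "default_sse": any("ApplyServerSideEncryptionByDefault" in r for r in sse),
        "access_logging": "LoggingEnabled" in cfg.get("logging", {}),
    }
    return sorted(name for name, ok in checks.items() if not ok)

# Constructed sample: versioning suspended, one public-access flag off, no TLS policy or logging.
SAMPLE = {
    "versioning": {"Status": "Suspended"},
    "public_access_block": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": False}},
    "ownership": {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}},
    "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "policy": {"Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})},
}

if __name__ == "__main__":
    print(audit_bucket(SAMPLE))
```

A versioning status of `Suspended` and a public access block with any one of its four flags off both count as failures, since neither gives the protection the checklist asks for.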
