AWS Simple Storage Service (AWS S3) was integrated by Mindflow to enable users to automate their incident management and better protect their information system.
AWS S3 Overview
AWS S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance.
Customers can use Amazon S3 to store and protect data for various use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics.
AWS S3 provides management features to optimize, organize, and configure access to your data to meet your specific business, organizational, and compliance requirements.
The solution further protects your data using versioning. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can quickly recover from unintended user actions and application failures. By default, requests retrieve the most recently written version. You can retrieve older versions of an object by specifying a version of the object in a request.
You have the following options for protecting data at rest in AWS S3: Server-Side Encryption – Request Amazon S3 to encrypt your object before saving it on disks in its data centers and then decrypt it when you download the objects.
S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket, simplifying access management for data stored in Amazon S3. By default, when another AWS account uploads an object to your S3 bucket, that account (the object writer) owns the object, has access to it, and can grant other users access to it through ACLs.
You can use Object Ownership to change this default behavior so that ACLs are disabled and you, as the bucket owner, automatically own every object in your bucket. As a result, access control for your data is based on policies, such as IAM policies, S3 bucket policies, virtual private cloud (VPC) endpoint policies, and AWS Organizations service control policies (SCPs).
You can use S3 Object Lock to store objects using a write once, read many (WORM) model. Using S3 Object Lock, you can prevent an object from being deleted or overwritten for a fixed amount of time or indefinitely. S3 Object Lock enables you to meet regulatory requirements that require WORM storage or simply to add a layer of protection against object changes and deletion. For more information, see Using S3 Object Lock.
Benefits
Enable versioning to keep multiple variants of an object in the same bucket to recover from unintended user actions and application failures quickly.
Enforce encryption of data in transit with HTTPS (TLS) to prevent potential attackers from eavesdropping on or manipulating network traffic using person-in-the-middle or similar attacks.
Use AWS S3 Object Lock to store objects using a “Write Once Read Many” model.
Ensure that your Amazon S3 buckets use the correct policies and are not publicly accessible with Amazon S3 block public access.
Implement least privilege access to your Amazon S3 resources when granting permissions. You decide who is getting what permissions.
Consider data encryption at rest in Amazon S3 with Server-Side encryption or Client-Side Encryption.
Enable Amazon S3 server access logging for detailed records of the requests made to a bucket.
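The settings in the list above can be checked mechanically. The following is an added example, not Mindflow's or AWS's code: it audits responses shaped like those of the boto3 S3 client methods named in the dictionary keys, using constructed sample data. Least-privilege review is left out, and the TLS check only looks for a Deny conditioned on aws:SecureTransport, not at that statement's Principal, Action or Resource scope.

```python
import json

def denies_plain_http(policy_json):
    """True if any Deny statement is conditioned on aws:SecureTransport being false."""
    stmts = json.loads(policy_json or "{}").get("Statement", [])
    for s in [stmts] if isinstance(stmts, dict) else stmts:  # Statement may be one object
        v = s.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        vals = v if isinstance(v, list) else [v]
        if s.get("Effect") == "Deny" and any(str(x).lower() == "false" for x in vals):
            return True
    return False

def audit_bucket(cfg):
    """cfg maps boto3 S3 client method names to responses; returns failed checks, sorted.
    Assumption: a missing key stands for a call that failed because nothing is configured."""
    def get(method, *path):
        node = cfg.get(method, {})
        for key in path:
            node = node.get(key, {})
        return node
    pab = get("get_public_access_block", "PublicAccessBlockConfiguration")
    own = get("get_bucket_ownership_controls", "OwnershipControls", "Rules") or []
    sse = get("get_bucket_encryption", "ServerSideEncryptionConfiguration", "Rules") or []
    lock = get("get_object_lock_configuration", "ObjectLockConfiguration")
    checks = {
        "versioning": get("get_bucket_versioning", "Status") == "Enabled",
        "tls_only_policy": denies_plain_http(cfg.get("get_bucket_policy", {}).get("Policy")),
        "object_lock": lock.get("ObjectLockEnabled") == "Enabled",
        "block_public_access": all(pab.get(k) is True for k in (
            "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")),
        "acls_disabled": any(r.get("ObjectOwnership") == "BucketOwnerEnforced" for r in own),
        "encryption_at_rest": any("ApplyServerSideEncryptionByDefault" in r for r in sse),
        "access_logging": "LoggingEnabled" in cfg.get("get_bucket_logging", {}),
    }
    return sorted(name for name, ok in checks.items() if not ok)

# Constructed sample responses for a hypothetical bucket (not from a real account).
TLS_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
WEAK = {
    "get_bucket_versioning": {"Status": "Suspended"},
    "get_public_access_block": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
    "get_bucket_policy": {"Policy": TLS_POLICY},
    "get_bucket_logging": {},  # logging not enabled: no LoggingEnabled key
}
print(audit_bucket(WEAK))
```

To run it against a live bucket, fill the dictionary from the corresponding boto3 calls and leave out any key whose call fails because the setting does not exist.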