Amazon rolls out new S3 security components
Company’s flagship cloud storage solution now includes default encryption, permission checks, and cross-region replication features.
Amazon Web Services (AWS) has launched five new encryption and security features for its S3 cloud storage solution.
Launched in 2006, Amazon S3 (Simple Storage Service) has grown to become one of the world’s most popular scalable storage solutions, utilized by a wide range of public and private sector organizations.
Following multiple reports of so-called ‘leaky’ S3 buckets – primarily due to user misconfiguration resulting in openly accessible data – AWS’ Jeff Barr said the rollout of the five new features will help customers store and manage their data in a more secure manner.
“We have added support for bucket policies, server access logging, versioning, API logging, cross-region replication, and multiple client-side and server-side encryption options, all with the goal of giving you the tools you need to keep your data safe while allowing you to share it with customers and partners as needed,” said Barr in a recent AWS blog post.
“We also brought the power of artificial intelligence and machine learning in to play, with the launch of Amazon Macie, a tool that helps you to discover, classify, and secure content at scale.”
Barr provided a rundown of the five new S3 encryption and security features:
Default Encryption – Users can now mandate that all objects in a bucket must be stored in encrypted form without having to construct a bucket policy that rejects objects that are not encrypted.
Permission Checks – The S3 console now displays a prominent indicator next to each S3 bucket that is publicly accessible.
Cross-Region Replication ACL Overwrite – When a user replicates objects across AWS accounts, they can now specify that the object gets a new ACL that gives full access to the destination account.
Cross-Region Replication with KMS – Users can now replicate objects that are encrypted with keys that are managed by AWS Key Management Service (KMS).
Detailed Inventory Report – The S3 Inventory report now includes the encryption status of each object. The report itself can also be encrypted.
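An added example, not code from AWS or from the article: a Python check that reads bucket settings in the shape returned by the S3 GetBucketAcl, GetBucketPolicy and GetBucketEncryption APIs and reports the two conditions that Default Encryption and Permission Checks address. The bucket names and settings are constructed sample data, and the public-access test is a simplified assumption, not the logic the S3 console uses.

```python
import json

# ACL group URIs meaning "anyone" and "any authenticated AWS user".
GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUPS + "AllUsers", GROUPS + "AuthenticatedUsers"}

def public_acl_grants(acl):
    """Permissions that an ACL (GetBucketAcl shape) grants to public groups."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)

def policy_allows_everyone(policy_json):
    """True if an Allow statement names the wildcard principal with no Condition (simplified)."""
    stmts = json.loads(policy_json or "{}").get("Statement", [])
    for s in [stmts] if isinstance(stmts, dict) else stmts:
        p = s.get("Principal")
        aws = p.get("AWS") if isinstance(p, dict) else p
        wildcard = aws == "*" or (isinstance(aws, list) and "*" in aws)
        if s.get("Effect") == "Allow" and wildcard and not s.get("Condition"):
            return True
    return False

def default_sse(enc):
    """Default SSE algorithm (GetBucketEncryption shape), or None if unset."""
    rules = (enc or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
    return next((a for a in algos if a), None)

def audit(bucket):
    """Summarise one bucket: public exposure and default encryption."""
    public = bool(public_acl_grants(bucket.get("acl", {}))) or policy_allows_everyone(bucket.get("policy"))
    return {"public": public, "default_encryption": default_sse(bucket.get("encryption"))}

# Constructed sample settings; bucket names and IDs are hypothetical.
ALL_USERS = {"Type": "Group", "URI": GROUPS + "AllUsers"}
def _sse(algo):  # builds a GetBucketEncryption-shaped dict
    return {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": algo}}]}}
SAMPLES = {
    "example-open": {"acl": {"Grants": [{"Grantee": ALL_USERS, "Permission": "READ"}]}},
    "example-policy": {"encryption": _sse("AES256"), "policy": json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-policy/*"}]})},
    "example-locked": {"encryption": _sse("aws:kms"), "acl": {"Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE"}, "Permission": "FULL_CONTROL"}]}},
}
if __name__ == "__main__":
    for name, cfg in SAMPLES.items(): print(name, audit(cfg))
```

With live data, the same dictionaries would come from the corresponding S3 API responses; a bucket that reports `default_encryption: None` is one where the older deny-unencrypted bucket policy would still be needed.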