AWS Big Data Exam updated to AWS Certified Data Analytics Specialty.

Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire lifecycle.

A data store’s classification must consider confidentiality, availability, and integrity as a baseline for data security.

  • Confidentiality – Only authorized access permitted.
  • Integrity – Completeness, accuracy and freedom from unauthorized change.
  • Availability – Accessibility and usability when required.

Amazon S3, by default, provides object metadata for every object including:

  • Date
  • Content-Length
  • Last-Modified
  • Content-MD5

The AWS Cloud Adoption Framework (AWS CAF) covers five key capabilities as a guide for security planning:

  • AWS Identity and Access Management (IAM): Define, enforce, and audit user permissions across AWS services, actions, and resources.
  • Detective control: Improve your security posture, reduce the risk profile of your environment, and gain the visibility you need to spot issues before they impact your business.
  • Infrastructure security: Reduce the surface area of the infrastructure you manage and increase the privacy and control of your overall infrastructure on AWS.
  • Data protection: Implement appropriate safeguards that help protect data in transit and at rest by using natively integrated encrypted services.
  • Incident response: Define and execute a response to security incidents.

The following security best practices also address data protection in Amazon S3:

  • Implement server-side encryption
  • Consider using Amazon Macie with Amazon S3
  • Identify and audit all your Amazon S3 buckets
  • Monitor AWS security advisories
  • Implement least privilege access
  • Use IAM roles for applications and AWS services that require Amazon S3 access
  • Enable multi-factor authentication (MFA) Delete
  • Consider encryption of data at rest
  • Enforce encryption of data in transit – Allow only encrypted connections over HTTPS (TLS) using the aws:SecureTransport condition on Amazon S3 bucket policies.
  • Consider Amazon S3 Object Lock – Amazon S3 Object Lock enables you to store objects using a “Write Once Read Many” (WORM) model.
  • Consider VPC endpoints for Amazon S3 access
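The "enforce encryption in transit" item above is normally implemented as a bucket-policy Deny keyed on aws:SecureTransport, and the audit items that follow are where you would check that every bucket actually carries it. The block below is an added example, not code from the original notes or from AWS: it builds a constructed weak policy and its corrected form for a placeholder bucket, and implements a small offline check that a policy document contains a Deny covering all principals, all S3 actions, and both the bucket and its objects when the request is not sent over TLS.

```python
import json

# Constructed sample policies for a placeholder bucket (not a real bucket).
BUCKET_ARN = "arn:aws:s3:::example-bucket"

ALLOW_APP_READS = {
    "Sid": "AllowAppReads",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppRole"},
    "Action": "s3:GetObject",
    "Resource": f"{BUCKET_ARN}/*",
}
DENY_PLAINTEXT = {
    "Sid": "DenyInsecureTransport",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
}
# Weak: reads are allowed and nothing stops a request that arrives over plain HTTP.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [ALLOW_APP_READS]})
# Corrected: an explicit Deny overrides any Allow whenever TLS is not used.
TLS_ONLY_POLICY = json.dumps({"Version": "2012-10-17",
                              "Statement": [ALLOW_APP_READS, DENY_PLAINTEXT]})


def _as_list(value):
    # Policy fields may be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]


def enforces_tls(policy_json, bucket_arn):
    """True if some Deny statement covers every principal, every S3 action,
    and both the bucket and its objects when aws:SecureTransport is false."""
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Deny":
            continue
        if principal != "*" and principal != {"AWS": "*"}:
            continue
        if "s3:*" not in _as_list(stmt.get("Action", [])):
            continue
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(flag).lower() != "false":  # AWS accepts "false" or false here
            continue
        if {bucket_arn, f"{bucket_arn}/*"} <= set(_as_list(stmt.get("Resource", []))):
            return True
    return False
```

The same check can be run over the output of get-bucket-policy for each bucket found during the audit step; a bucket with no policy at all fails it as well.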

Security Monitoring and Auditing Guidelines

  • Identify and audit all your Amazon S3 buckets
  • Implement monitoring using AWS monitoring tools
  • Enable Amazon S3 server access logging
  • Use AWS CloudTrail
  • Enable AWS Config
  • Consider using Amazon Macie with Amazon S3
  • Monitor AWS security advisories
