Internet and from within Amazon EC2, so that data are transferred securely both within AWS and to and from sources outside of AWS. Securing data at rest involves physical security and data encryption. As mentioned in detail in “Physical Security,” Amazon employs multiple layers of physical security measures to protect customer data at rest. For example, physical access to Amazon datacenters is limited to an audited list of Amazon personnel. Encryption of sensitive data is generally a good security practice, and AWS encourages users to encrypt their sensitive data before it is uploaded to Amazon S3. When an object is deleted from Amazon S3, removal of the mapping from the public name to the object starts immediately, and is generally processed across the distributed system within several seconds. Once the mapping is removed, there is no remote access to the deleted object. The underlying storage area is then reclaimed for use by the system. Amazon S3 is designed to provide 99.999999999% durability and 99.99% availability of objects over a given year. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 Region. To help provide durability, Amazon S3 PUT and COPY operations synchronously store your data across multiple facilities before returning SUCCESS. Once stored, Amazon S3 helps maintain the durability of your objects by quickly detecting and repairing any lost redundancy. Amazon S3 also regularly verifies the integrity of data stored using checksums. If corruption is detected, it is repaired using redundant data. In addition, Amazon S3 calculates checksums on all network traffic to detect corruption of data packets when storing or retrieving data. Amazon S3 provides further protection via Versioning. You can use Versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With Versioning, you can easily recover from both unintended user actions and application failures. By default, requests will retrieve the most recently written version. Older versions of an object can be retrieved by specifying a version in the request. You can further protect your versions using Amazon S3 Versioning's MFA Delete feature, once enabled for an S3 bucket, each version deletion request must include the six- digit code and serial number from your multi factor authentication device. Access Logging An Amazon S3 bucket can be configured to log access to the bucket and objects within it. The access log contains details about each access request including request type, the requested resource, the requestor’s IP, and the time and date of the request. When logging is enabled for a bucket, log records are periodically aggregated into log files and delivered to the specified Amazon S3 bucket.
You've reached the end of your free preview.
Want to read all 24 pages?
- Spring '17
- Amazon Web Services, AWS, Amazon Elastic Compute Cloud