AWS

Here you can find an information about the Amazon S3 and relevant issues.

Amazon S3 Security In-Depth Part 3: IAM Identities

This is the third article in a three-part series on Amazon S3 Security In-Depth. In Part I of this series, we discussed the different mechanisms you can use to allow access to your Amazon S3 buckets and objects. In Part II, we looked at writing identity-based policies to manage access to your S3 resources. In this Part III, we will cover authentication and identity within the context of AWS Identity and Access Management (IAM). Continue reading

Amazon S3 Security In-Depth Part 2: Basics of IAM Policies

This is the second in a three-part series on Amazon S3 Security In-Depth. In Part I of this series, we discussed the different mechanisms you can use to allow access to your Amazon S3 buckets and objects. In this Part II, we will take a deeper look at managing access to your S3 resources using AWS Identity and Access Management (IAM). Continue reading

Amazon S3 Security In-Depth Part 1: ACLs vs Bucket Policies vs IAM

To use Amazon S3 effectively, you need to be aware of the security mechanisms provided by AWS to control your S3 resources. This is the first part in a three-part series on S3 security. In this part, we will discuss the three different access control tools provided by AWS to manage your S3 resources. Continue reading

How to Use S3 Select to Save Time on Amazon S3

In this post, you will learn about S3 Select, a feature announced by AWS in 2017 to allow you to retrieve subsets of data from an object on S3. We will discuss why you would want to use S3 Select, then walk through a simple use case of how to use S3 Select with Boto 3, the AWS SDK for Python.

Continue reading

Don’t Use Consumer Grade Storage for Backup. Why?

One of the most critical aspects of a sensible backup strategy is the selection of backup storage. From Google Drive to a private Minio server, the range of options is truly infinite. Some of those storage services, however, come with limitations that force you to examine professional-grade choices. Continue reading

Managing IAM Permissions in the Cloud: AWS vs Microsoft Azure vs Google Cloud

All of the major public clouds offer identity and access management (IAM) tools. The exact nature of the various cloud IAM tools vary, however. So do their names.

As a result, if you are familiar with the IAM solutions available from one public cloud, such as Amazon Web Services (AWS), it can be challenging to understand how IAM tools work on another platform, like Google Cloud or Microsoft Azure.

This article clarifies that issue by comparing the identity and access management tools and frameworks associated with each of the three major public clouds -- AWS, Azure, and Google. It identifies the key IAM-related terms and tools to know for each cloud and explains the approach that each cloud takes to managing user accounts, groups, access control and (where applicable) Active Directory integration. Continue reading

Geo Redundancy Clash: Amazon S3, Microsoft Azure Blob and Google Cloud Storage

Geographical redundancy, or geo redundancy for short, is a valuable data storage strategy that can help to improve data reliability and availability. When you replicate data across multiple regions, your data is more resistant to disruptions that could cause damage to a particular data center or set of servers.

Want to take advantage of geo redundant storage but are unsure where to start? This article is for you. Below, we compare AWS replication across regions, Azure storage geo replication and the data replication features available on Google Cloud Storage.

The article’s goal is to help you understand which geo redundancy options are available from each of these three major cloud storage providers. Continue reading

Using Amazon S3 Pre-Signed URLs for Temporary Object Access

Protecting your S3 buckets is a critical security measure when using AWS. There have been numerous bad stories about unprotected S3 buckets, from established contractors like Accenture and Booz Allen Hamilton, to huge companies like Verizon Wireless and Time Warner Cable.

In this article, we'll learn how and why to use pre-signed S3 URLs to provide secure, temporary access to objects in your S3 buckets. We will discuss generating pre-signed S3 URLs for occasional, one-off use cases as well as programmatically generating them for use in yourapplication code. There are multiple code examples for each use case. Continue reading