Thanks alot ,please create a video on these gateways like virtual private gateway ,transit gateway , border gateway ,customer gateway , interface endpoint ,gateway endpoint , vpc endpoints ,these concepts are really confusing
@cloudonaut2 жыл бұрын
Thanks a lot for your feedback. Will add your content wishes into our backlog.
@oleksandrlytvyn532 Жыл бұрын
Thanks
@cloudonaut Жыл бұрын
You are welcome!
@raze52 жыл бұрын
What you think would be reasons to NOT to enable bucket key? But choosing more expensive key instead?
@cloudonaut2 жыл бұрын
I don't see a good reason. All other services use similar optimizations to reduce kms requests.
@putinaspiliponis64282 жыл бұрын
What are security considerations for SSE-KMS bucket keys versus object keys? I kinda got the impression that in the case of "bucket key" the original requestor entity doesn't have to be granted specifically to use a specific KMS key.
@cloudonaut2 жыл бұрын
bucket keys are much cheaper in terms of KMS API calls. The only change is that all objects are encrypted with the same key. Which makes sense anyways.
@thatguynick7992 Жыл бұрын
Is there an updated version of this content. Currently there isn’t an option to enable and disable encryption. SSE-S3 is default
@cloudonaut Жыл бұрын
Correct, S3 buckets are encrypted by default those days. Up until know, we haven't recorded an updated video yet.
@sarulatha73742 жыл бұрын
Hi Thanks a lot for this video. Could you please make a video how to encrypt and decrypt the files using AWS KMS
@cloudonaut2 жыл бұрын
Good point, will add that to our TODO list. :)
@brunocardoso82772 жыл бұрын
Hi, thanks for the content. if I may ask a question, how can i write the policies for SSE-S3 encryptions? I tried some, but when I set nothing in the header its was rejecting all my requests from a Java Client. Thanks
@cloudonaut2 жыл бұрын
I'd say, replacing s3:x-amz-server-side-encryption-aws-kms-key-id: !GetAtt 'Key.Arn' from our example with "s3:x-amz-server-side-encryption": "AES256" should do the trick.
@Niko-kf1gt2 жыл бұрын
I have couple of s3 buckets where the default encryption is turned on by default (SS3-S3) but for some reason some objects are showing as unencrypted. I wonder if we can encrypt after an object has been uploaded , if I go to the object and try to edit the server-side encryption it says I don't have permission.
@cloudonaut2 жыл бұрын
The default encryption does only apply when creating or updating/replacing an object. The setting does not affect objects, that have been created before.
@RahulAhire2 жыл бұрын
How can I verify that the objects are actually encrypted.
@cloudonaut2 жыл бұрын
What do you mean by "verify that the objects are actually encrypted"? As the de/encryption happens on-the-fly you have to trust AWS and their security/quality certifications, that the encryption is working. All you can do is the check the details of an object to check which encryption was applied.
@RahulAhire2 жыл бұрын
@@cloudonaut whenever I access the encrypted files in console or preview it, I get it in its original form. Let's says there's a hack (or there's a raid by police) that my system faced and by mistakenly I allow read access. How can I see if the encryption is working. When I encryption a text file locally it automatically turns into something random.