The latest articles on DEV Community by sajeedmoh (@sajeedmoh_27). https://dev.to/sajeedmoh_27 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1278104%2F5d6fda60-4ef7-43b9-88f8-12e93bf203c6.png https://dev.to/sajeedmoh_27 en sajeedmoh Sun, 24 Mar 2024 14:11:57 +0000 https://dev.to/sajeedmoh_27/aws-dsse-kms-dual-side-encryption-on-s3-4nhg https://dev.to/sajeedmoh_27/aws-dsse-kms-dual-side-encryption-on-s3-4nhg <h2> AWS-DSSE-KMS — Dual side encryption on S3 </h2> <p>AWS S3 support dual side encryption key with KMS.Utilizing dual-layer server-side encryption with AWS KMS keys involves applying two layers of encryption to objects during their upload to Amazon S3. Its helps compliance with standards that require multilayer encryption for data.</p> <p>How to enable DSSE-KMS key on AWS Console.</p> <ol> <li><p>Sign into AWS console and open S3 bucket properties tab.</p></li> <li><p>Select Default encryption section and choose to edit.</p></li> <li><p>Under encryption type select Dual-Layer server-side encryption with AWS Key Management Service Keys (DSSE-KMS).</p></li> <li><p>Under AWS KMS Key we can select Choose from your AWS KMS Keys or AWS KMS Keys in the list.</p></li> </ol> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--dXmo772y--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/2000/1%2A1xA9BXT2B-Aex-ivy_sqtQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--dXmo772y--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/2000/1%2A1xA9BXT2B-Aex-ivy_sqtQ.png" alt="" width="520" height="402"></a></p> <p><strong>How to enable DSSE-KMS key on AWS CLI</strong></p> <p>Below AWS CLI command to upload new object into AWS S3 with enable dsse key.</p> <p><strong>aws s3api put-object — bucket s3-bucket-name — key object-name — server-side-encryption aws:kms:dsse — ssekms-key-id kms_key-id — body filepath</strong></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--obkqyVIx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/2000/1%2ApVTtu0ufvzPtpkllnmJOmw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--obkqyVIx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/2000/1%2ApVTtu0ufvzPtpkllnmJOmw.png" alt="" width="517" height="175"></a></p> <p>— ssekms-key-id -&gt; specify customer managed aws kms key or it will use aws managed kms key (aws/s3).</p> <p><strong>How to restrict all objects uploaded into s3 should be encrypted by DSSE-KMS</strong>Add below s3 bucket policy.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ByTlLNib--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/2000/1%2AFAZNr__GIp_eswWMVQV7EQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ByTlLNib--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/2000/1%2AFAZNr__GIp_eswWMVQV7EQ.png" alt="" width="491" height="338"></a></p> <p>-&gt; S3 bucket key won’t support for DSSE-KMS.</p> sajeedmoh Mon, 18 Mar 2024 12:15:27 +0000 https://dev.to/sajeedmoh_27/setup-mfa-delete-in-s3-bucket-3d9g https://dev.to/sajeedmoh_27/setup-mfa-delete-in-s3-bucket-3d9g <h2> <strong>Setup MFA Delete in S3 bucket</strong> </h2> <p>Enabling MFA (Multi-Factor Authentication) delete functionality on an S3 bucket helps prevent accidental deletion of files.</p> <p>Step to enable MFA delete on S3 bucket.</p> <ol> <li>Make sure S3 bucket version is enabled.</li> </ol> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F2000%2F1%2A3h4B40EoF5ZIhuWzyRVRUg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F2000%2F1%2A3h4B40EoF5ZIhuWzyRVRUg.png"></a></p> <ol> <li>Below CLI command to enable MFA delete</li> </ol> <p>aws s3api put-bucket-versioning — bucket s3 bucket name — versioning-configuration Status=Enabled,MFADelete=Enabled — mfa “:aws:iam::(accountnumber):mfa/root-account-mfa-device (pass)”</p> <p>(pass) -&gt; This is six digit passcode from your MFA device configured.</p> <p>Once MFA delete is enabled verify the settings inside S3 Bucket -&gt; Properties -&gt; Bucket Versioning.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F2000%2F1%2AJ_xFn-JKG4jBF7u5MUo7Dg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F2000%2F1%2AJ_xFn-JKG4jBF7u5MUo7Dg.png"></a></p> <ol> <li>Test to delete version of an object and you will receive below error.</li> </ol> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F2000%2F1%2Ajc-TAl5h6-7IVErlmFp5jQ.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn-images-1.medium.com%2Fmax%2F2000%2F1%2Ajc-TAl5h6-7IVErlmFp5jQ.png"></a></p>