Certified Security - Specialty


Securing S3 objects – Various Objects

Hi Ryan/Faye – Thanks for the sessions. So far so good.

Below is the whole list of options to secure objects in S3, as per my understanding:

1. IAM Policies

2. Bucket Policies

3. Object ACLs

4. Pre Signed URLs

5. Signed Cookies

6. Lambda@Edge

A few questions:

1. Please confirm if this is correct

2. Could you also please help me with some details on Signed Cookies, like Pre Signed URLs, for securing private content in S3? Thanks for the CLI command "presign", which makes things easier.

3. Think we can validate the token created by any enterprise IAM solution (after getting authenticated over there) in Lambda@Edge "Viewer Request" to authorize requests to S3 objects? Is that correct?

Thanks.

1 Answer

Hi, for more information about Pre Signed URLs for securing private content in S3, check out the following link:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html

And you might be interested in the following blog post, which discusses an architecture that uses Lambda@Edge and JSON Web Tokens to enhance web application security:

https://aws.amazon.com/blogs/networking-and-content-delivery/authorizationedge-how-to-use-lambdaedge-and-json-web-tokens-to-enhance-web-application-security/

Hope that helps!

Faye
