July 12, 2017

How do you protect the data stored in Amazon S3?


Well, it's not just the data stored in Amazon S3 that needs to be safe; it needs to be safe during the onward and return journey as well.

That broadly divides data protection into two categories: protecting data in transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers).




· Server-Side Encryption – The user requests Amazon S3 to encrypt the object before saving it on disks in its data centers and to decrypt it when the object is downloaded. It has 3 different types, as listed in the image, based on who manages the keys.
· Client-Side Encryption – The data is encrypted on the client side and the encrypted data is uploaded to Amazon S3. In this case, the user manages the encryption process, the encryption keys, and related tools.

July 4, 2017

Manage the S3 Data till end of life, efficiently

AWS S3 provides a Lifecycle management process to manage data until end of life in a cost-efficient way.
The lifecycle of an object in the bucket, or of the entire bucket, can be managed using Lifecycle rules.
Lifecycle rules enable you to automatically transition objects to a less expensive S3 storage option, such as the Standard - Infrequent Access storage class, and/or archive objects to the Glacier storage class, and/or remove objects after a specified time period.
Each rule has an action, either a Transition action or an Expiration action.

You can apply rules to either all the objects in the bucket or all the objects that share the specified prefix.





Moving an object directly from S3 to Glacier, or from S3 to Expire / Delete, is also possible.
An object should stay in Glacier for a minimum of 90 days before it is deleted; if it is deleted earlier, it is still charged for 90 days as per the Glacier pricing model.
The Old UI for Lifecycle management is more self-explanatory than the New UI, so you may want to switch to the Old UI and try it there for better clarity.
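The rule structure and the 90-day Glacier minimum described above can be checked before a rule is applied. The following is an added example, not part of the original post: it builds rules in the dictionary shape that S3's lifecycle configuration API accepts and flags rules that expire objects before the Glacier minimum is reached. The function names, rule IDs, prefixes and day counts are assumptions made up for illustration.

```python
GLACIER_MIN_DAYS = 90  # minimum billed storage duration in Glacier, as stated in the post


def build_rule(rule_id, prefix, ia_days=None, glacier_days=None, expire_days=None):
    """Build one lifecycle rule; an empty prefix applies it to the whole bucket."""
    rule = {"ID": rule_id, "Filter": {"Prefix": prefix}, "Status": "Enabled"}
    transitions = []
    if ia_days is not None:
        transitions.append({"Days": ia_days, "StorageClass": "STANDARD_IA"})
    if glacier_days is not None:
        transitions.append({"Days": glacier_days, "StorageClass": "GLACIER"})
    if transitions:
        rule["Transitions"] = transitions
    if expire_days is not None:
        rule["Expiration"] = {"Days": expire_days}
    return rule


def check_rule(rule):
    """Return a list of findings for one rule; an empty list means nothing was flagged."""
    findings = []
    if "Transitions" not in rule and "Expiration" not in rule:
        findings.append("rule has no transition or expiration action")
    days = {t["StorageClass"]: t["Days"] for t in rule.get("Transitions", [])}
    glacier = days.get("GLACIER")
    expire = rule.get("Expiration", {}).get("Days")
    last = max(days.values(), default=None)
    if expire is not None and last is not None and expire <= last:
        findings.append("expiration is not later than the last transition")
    if glacier is not None and expire is not None:
        in_glacier = expire - glacier
        if 0 < in_glacier < GLACIER_MIN_DAYS:
            billed = GLACIER_MIN_DAYS - in_glacier
            findings.append(f"deleted after {in_glacier} days in Glacier; "
                            f"{billed} more days are still billed")
    return findings


def audit(rules):
    """Map each rule ID to its findings."""
    return {r["ID"]: check_rule(r) for r in rules}


if __name__ == "__main__":
    # Constructed sample rules: Standard -> Standard-IA -> Glacier -> expire.
    sample = [build_rule("logs-archive", "logs/", 30, 60, 120),
              build_rule("reports", "reports/", 30, 60, 365)]
    for rule_id, findings in audit(sample).items():
        print(rule_id, findings or "ok")
```

With boto3, the resulting list is passed as `LifecycleConfiguration={"Rules": rules}` to `put_bucket_lifecycle_configuration`.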