Summary
Objects can be either private or public. Pre-authenticated requests give end users access to an object for a limited time.
Reference
Initial Security Tasks
- Use IAM Policies to grant access to users and resources
- Restrict access to requests that originate from an allowed IP address using network source
- Prevent deletion of buckets and objects
- Encrypt resources using a custom key
- Secure network access to resources (TLS 1.2)
- Create a security zone
Routine Security Tasks
- Rotate encryption keys
- Perform a security audit
- Use object versioning to minimize data loss due to malicious deletions
Grant the `BUCKET_DELETE` and `OBJECT_DELETE` permissions only to a minimal set of IAM users or groups.
Ensure the integrity of data when it is moved or copied to a different location. An MD5 checksum is generated for all uploads.
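One way to run the integrity check after a move or copy, as an added example that is not from the original page or the service's own tooling. It assumes the service reports the checksum as a base64-encoded MD5 digest, and for multipart uploads as the base64 MD5 of the concatenated part digests followed by `-<number of parts>`; both formats and all function names are assumptions.

```python
import base64
import hashlib
import io

CHUNK = 1024 * 1024  # read size; keeps memory flat for large objects


def md5_b64(stream):
    """Base64-encoded MD5 of the whole stream (assumed single-upload format)."""
    h = hashlib.md5()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return base64.b64encode(h.digest()).decode()


def multipart_md5_b64(stream, part_size):
    """Assumed multipart format: base64(MD5(part digests joined)) + '-<parts>'."""
    digests = []
    for part in iter(lambda: stream.read(part_size), b""):
        digests.append(hashlib.md5(part).digest())
    outer = hashlib.md5(b"".join(digests)).digest()
    return f"{base64.b64encode(outer).decode()}-{len(digests)}"


def verify_copy(stream, reported, part_size=None):
    """Return True if the local bytes match the checksum the service reported."""
    # '-' is not in the standard base64 alphabet, so it marks a multipart value.
    if "-" in reported:
        if part_size is None:
            raise ValueError("multipart checksum needs the original part size")
        return multipart_md5_b64(stream, part_size) == reported
    return md5_b64(stream) == reported


if __name__ == "__main__":
    sample = b"hello world"  # constructed sample object
    reported = "XrY7u+Ae7tCTyyK7j1rNww=="  # base64 MD5 of the sample
    print("intact copy:", verify_copy(io.BytesIO(sample), reported))
    print("corrupted copy:", verify_copy(io.BytesIO(b"hello w0rld"), reported))
```

An MD5 match shows the bytes were not corrupted in transit; MD5 is not collision-resistant, so it is not evidence against deliberate tampering.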