S3 Encryption
- In transit
  - SSL/TLS – TLS is just the newer standard replacing SSL
- At Rest – Server Side Encryption
  - S3 Managed Keys (SSE-S3)
  - AWS Key Management Service (SSE-KMS)
  - Server Side Encryption With Customer Provided Keys (SSE-C)
- At Rest – Client Side Encryption
  - Customer Encrypts Then Downloads
S3 Securing
S3 can be secured at the bucket level with bucket policies and at the object level with ACLs.
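As an added example (not from the original notes), the Python code below statically checks a bucket policy for two Deny patterns that connect bucket-level policies to the encryption options listed earlier: rejecting requests not sent over TLS, and rejecting uploads that do not request SSE-KMS. Both policies and the bucket name example-bucket are constructed, the function and result key names are illustrative, and the check does not inspect Principal, Resource or object ACLs.

```python
# Constructed sample policies; "example-bucket" is a placeholder name.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyPlainHTTP", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyNonKmsPut", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition(stmt, operator, key):
    """Values of a condition key under one operator (key match is case-insensitive)."""
    block = stmt.get("Condition", {}).get(operator, {})
    for name, value in block.items():
        if name.lower() == key.lower():
            return [str(v).lower() for v in _as_list(value)]
    return []

def audit_bucket_policy(policy):
    """Static check: do Deny statements enforce TLS and SSE-KMS uploads?"""
    found = {"requires_tls": False, "requires_sse_kms": False}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if "false" in _condition(stmt, "Bool", "aws:SecureTransport") and "s3:*" in actions:
            found["requires_tls"] = True
        sse = _condition(stmt, "StringNotEquals", "s3:x-amz-server-side-encryption")
        if sse == ["aws:kms"] and actions & {"s3:*", "s3:putobject"}:
            found["requires_sse_kms"] = True
    return found

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_bucket_policy(pol))
```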
S3 Logging
Logging can be turned on at the bucket level.