Tập làm S3 with Default Encryption and Monitoring Access Logs Lab

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab

Share Everywhere

Table of contents

This lab ask you to create 2 buckets, one with bucket encryptions and logging access to another bucket

Prepare

In the Exam lab the IAM Role, Custom Policy and a KMS Key already created so you dont have to create it but for simulate you have to create it's on your own

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/

  2. In the navigation pane of the console, choose Roles and then choose Create role.

  3. Choose AWS account role type.

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Select the policy to use for the permissions policy: AWSKeyManagementServicePowerUser for Full Access on KMS
Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. For Role name, enter a name for your role. Role names must be unique within your AWS account
Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. In the navigation pane of the IAM console, choose Roles, and then choose Create role.

  2. For Select trusted entity, choose AWS service.

  3. For use case choose S3

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Create a new policy from scratch by following:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt"
            ],
            "Resource": "*"
        }
    ]
}
  1. Enter Role Name and you done the preparation phase

Start the Lab

There are two requirements:

  • Create 2 buckets (block all public access):
    • First bucket with:
      • Default encryption with symmetric customer managed key
      • Enable Access logging
    • Second bucket for store Access Logs

First requirement:

  1. Creating symmetric KMS keys by sign in to the AWS Management Console and open the AWS Key Management Service (AWS KMS) console at https://console.aws.amazon.com/kms.

  2. In the navigation pane, choose Customer managed keys.

  3. Choose Create key.

  4. To create a symmetric KMS key, for Key type choose Symmetric.

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Type an alias for the KMS key. The alias name cannot begin with aws/. The aws/ prefix is reserved by Amazon Web Services to represent AWS managed keys in your account. (The Exam will give you a name for the key)

  2. Select the IAM users and roles that can administer the KMS key (The Exam will define which IAM user and all you have to do it's selecte)

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Select the IAM users and roles that can use the key in cryptographic operations(The Exam will define which IAM role and all you have to do it's selecte)
Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Choose Finish to create the KMS key.
Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Create 2 buckets by open the Amazon S3 console at https://console.aws.amazon.com/s3/

  2. Choose Create bucket.

  3. Enter the bucket name that EXAM give you

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. In Bucket settings for Block Public Access, choose the Block Public Access settings that you want to apply to the bucket.
Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. To enable or server-side encryption, choose Enable. Under Encryption key type, choose AWS Key Management Service key (SSE-KMS). Under AWS KMS key choose Choose from your KMS root keys, and choose the symmetric KMS that you just create.
Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Creating another bucket with the name that EXAM give you same as first bucket but without default bucket encryption.
Tập làm S3 with Default Encryption and Monitoring Access Logs Lab

Second requirement:

  1. In the Buckets list, choose the name of the first bucket that you want to enable server access logging for.

  2. Choose Properties.

  3. In the Server access logging section, choose Edit.

  4. Under Server access logging, select Enable.

  5. For Target bucket, enter the name of the second bucket.

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
  1. Choose Save changes and you done the Lab.

for testing you have to wait for a hour so the access logs can be deliver to the second bucket, and it's will look like this

Tập làm S3 with Default Encryption and Monitoring Access Logs Lab
Bạn thấy bài viết này như thế nào?
1 reaction

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.

Bài viết liên quan

Khám phá FinOps

Khám phá FinOps - công nghệ đám mây

Nhiều doanh nghiệp ngày nay lựa chọn chuyển sang công nghệ đám mây với hi vọng đạt được lợi thế cạnh tranh so với đối thủ nhờ tiềm năng về hiệu quả cao và tiết kiệm chi phí hơn của công nghệ này.
Microservices Roadmap

Microservices Roadmap

- Kafka, RabbitMQ, Amazon SQS: Efficient and reliable message brokers for seamless communication between microservices.
The Data Analyst Roadmap

The Data Analyst Roadmap

**Database Knowledge**: Gain proficiency in working with databases like MySQL, PostgreSQL, or MongoDB.
Architectural patterns in software design

Architectural patterns in software design

Choose the architecture that aligns with your application's unique needs and goals. Each pattern offers a tailored approach to elevate your software system!
Exploring the Technological Marvel Behind Netflix

Exploring the Technological Marvel Behind Netflix

Ever wondered about the tech wizardry that powers your binge-watching adventures on Netflix?