Test and share encrypted data on S3

  1. Access AWS Management Console
  • Find S3
  • Select S3

  1. In the S3 interface
  • Select Buckets
  • Select kms-key-s3

  1. In the kms-key-s3 section
  • Select the data awsstudygroup.jpg
  • Press Open

  1. As you can see, after pressing Open, the data opens. Because I created the access rights with this account as the owner, I have access to the data.

  1. Next, we use Make public. The purpose is to let everyone test access to the data on S3.

“Making public” an S3 bucket encrypted with KMS creates a conflict of purpose. Even though the content is encrypted, making it public means that anyone who has the decryption key (which may be shared or accessed without permission) can access and decrypt the content. Here, Make public is used for demo purposes only.

  1. Return to the kms-key-s3 interface
  • Select data awsstudygroup
  • Select Actions
  • Select Make public using ACL

  1. In the Make public section
  • Press Make public

  1. Notification of success

  1. Return to the kms-key-s3 section
  • Select awsstudygroup
  • Press Copy URL

  1. After pasting the URL into a new tab, you will not be able to open the data. AWS reports that requests specifying server-side encryption with an AWS KMS managed key require AWS Signature Version 4.

  1. Next, go back to the incognito tab and log in with the user information created in section 2.2 Create Group and User
  • Then access S3
  • Select Buckets
  • Select awsstudygroup
  • Select Open

  1. On User-S3 you will receive an access denied message, and decryption is not allowed, because no policy is applied to this User-S3 (this step is to see whether the new owner has permission to view and open the data)

  1. If you are still in User-S3, go back to kms-key-s3
  • Select awsstudygroup
  • Copy URL

  1. After pasting the URL into a new tab, you will not be able to open the data. AWS reports that requests specifying server-side encryption with an AWS KMS managed key require AWS Signature Version 4.

In this section, a URL will be created to share data with everyone.

  1. Return to your original User
  • Access S3
  • Select qrcode_facebook_awsstudygroup
  • Select Actions

Select Share with a presigned URL

  1. Next step
  • For Time interval until the presigned URL expires, select Minutes
  • For Number of minutes, choose 2 (I set 2 minutes for this demo)
  • Press Create presigned URL

  1. A success notification appears; press Copy presigned URL

  1. Anyone who gets this link can open it to view the data within 2 minutes

  1. After 2 minutes, access expires and an Access Denied notification is shown
