You are a cybersecurity consultant for a FinTech company that handles sensitive financial data, including customer transactions, account details, and personal information. The company wants to ensure that all sensitive data is encrypted both at rest and in transit to comply with industry regulations and protect against data breaches.
Project Objective: Implement encryption for data at rest and in transit using AWS Cloud services to ensure the security and integrity of the company’s financial data.
For all the resources in this lab, we are using the US East (N. Virginia) region.
In this lab, you will complete the following exercises:
Note: Please ensure that you have created an AWS account with an active subscription (https://aws.amazon.com/), or sign up for the AWS Free Tier.
In this exercise, you will create an S3 bucket.
Navigate to the AWS Management Console.
In the Search bar at the top of the console, type S3 and select S3 from the search results.
Click Create bucket.
In the Create bucket page, fill in the following details:
| Setting | Value |
|---|---|
| Bucket name | cyberpreacher-demo-bucket |
| Region | US East (N. Virginia) |
| Block all public access | Checked |
Click Create bucket.
Result: You have successfully created an S3 bucket.
In this exercise, you will enable Server-Side Encryption for your S3 bucket.
Navigate to your S3 bucket cyberpreacher-demo-bucket.
Click on the Properties tab.
Scroll down to the Default encryption section.
Select Enable and choose Amazon S3 key (SSE-S3).
Click Save changes.
Result: You have successfully enabled Server-Side Encryption for your S3 bucket.
In this exercise, you will upload a file to your S3 bucket.
Navigate to your S3 bucket cyberpreacher-demo-bucket.
Click on the Upload button.
Click Add files and select a small file from your system (e.g., “financial-report.pdf”).
Click Upload.
Result: The file is now uploaded and encrypted at rest using Server-Side Encryption (SSE).
In this exercise, you will ensure that data is transferred securely using HTTPS.
When accessing the file, ensure you use the HTTPS URL provided by S3.
Example: https://cyberpreacher-demo-bucket.s3.amazonaws.com/financial-report.pdf
Download and install the AWS CLI from the AWS CLI download page.
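```bash
# Set the access key, secret key and default region (us-east-1 for this lab)
aws configure
# Copy the object from the bucket to the current directory
aws s3 cp s3://cyberpreacher-demo-bucket/financial-report.pdf .
```
Result: The file is now securely downloaded using HTTPS, which the AWS CLI uses by default for S3 endpoints.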
In this exercise, you will enable logging and monitoring for your S3 bucket.
Navigate to your S3 bucket cyberpreacher-demo-bucket.
Click on the Properties tab.
Scroll down to the Server access logging section.
Click Edit and select Enable.
Choose a target bucket for storing the logs and specify a target prefix.
Click Save changes.
Result: Server access logging is now enabled for your S3 bucket.
Regularly review access logs stored in the target bucket.
Use AWS CloudTrail to get detailed logging information about API calls made to your S3 bucket.
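One way to review the access logs for the in-transit requirement, as an added example that is not part of the original lab: each S3 server access log record carries the negotiated cipher suite and TLS version, and both are `-` when a request arrived over plain HTTP, which S3 accepts unless a bucket policy denies it. The sample records are constructed, and the TLS 1.2 minimum is an assumed site policy.

```python
import re

# One token per field: [bracketed time], "quoted string", or a bare word.
TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')
# Zero-based field positions in an S3 server access log record.
REMOTE_IP, OPERATION, KEY, CIPHER, TLS_VERSION = 3, 6, 7, 20, 23
WEAK_TLS = {"tlsv1", "tlsv1.0", "tlsv1.1"}  # assumption: policy requires TLS 1.2+

# Constructed records (not real traffic); account ID, IPs and IDs are placeholders.
_REC = ('OWNERID cyberpreacher-demo-bucket [06/Feb/2025:00:00:38 +0000] {ip} '
        'arn:aws:iam::111122223333:user/demo REQID {op} financial-report.pdf '
        '"GET /financial-report.pdf HTTP/1.1" 200 - 1024 1024 12 10 "-" '
        '"aws-cli/2.0 Python/3.11" - HOSTID SigV4 {cipher} AuthHeader '
        'cyberpreacher-demo-bucket.s3.amazonaws.com {tls} - -')
SAMPLE_LOG = "\n".join([
    _REC.format(ip="192.0.2.10", op="REST.GET.OBJECT",
                cipher="ECDHE-RSA-AES128-GCM-SHA256", tls="TLSv1.2"),
    _REC.format(ip="198.51.100.7", op="REST.GET.OBJECT", cipher="-", tls="-"),
    _REC.format(ip="203.0.113.5", op="REST.GET.OBJECT",
                cipher="ECDHE-RSA-AES128-SHA", tls="TLSv1.1"),
    _REC.format(ip="-", op="S3.EXPIRE.OBJECT", cipher="-", tls="-"),
    "truncated record",
])


def transport_findings(log_text):
    """Return (remote_ip, operation, key, reason) for weakly protected requests."""
    findings = []
    for line in filter(str.strip, log_text.splitlines()):
        f = TOKEN.findall(line)
        if len(f) <= TLS_VERSION:
            findings.append(("?", "?", "?", "unparsed record"))  # never drop silently
        elif f[OPERATION].startswith("S3."):
            continue  # lifecycle and other S3-internal actions: no client connection
        elif "-" in (f[CIPHER], f[TLS_VERSION]):
            findings.append((f[REMOTE_IP], f[OPERATION], f[KEY], "plaintext HTTP"))
        elif f[TLS_VERSION].lower() in WEAK_TLS:
            findings.append((f[REMOTE_IP], f[OPERATION], f[KEY],
                             "deprecated " + f[TLS_VERSION]))
    return findings


if __name__ == "__main__":
    for finding in transport_findings(SAMPLE_LOG):
        print(*finding, sep="\t")
```

To run it on real logs, pass the text of the log objects downloaded from the target bucket to `transport_findings` in place of `SAMPLE_LOG`.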
By implementing these steps, the FinTech company ensures that its sensitive financial data is securely stored and transmitted, complying with industry regulations and protecting against potential data breaches. This project scenario highlights the importance of data encryption in maintaining the security and integrity of critical information.
You have successfully completed this project. Ensure you share your experiences and screenshots on LinkedIn using the hashtags #cloudprojectwithcyberpreacher #CPwCP.
Note: Be sure to delete all resources created during this project to manage costs.