Mailbag

AWS Secrets Manager or AWS SSM Parameter Store?

“From the Mailbag” gives us at AWS w/ .NET the opportunity to answer questions from our users. Got a question for us? Ask us here.

Photo by Joanna Kosinska on Unsplash

Question

The company that I work for is heavily invested in AWS Systems Manager Parameter Store. But, I have been reading up on AWS Secrets Manager and I’m confused on what the difference is?

Response

AWS Systems Manager Parameter Store is a cost-effective configuration store, as there isn’t a charge for standard parameters. Parameter Store supports the storage of common configuration data like a URL, as well as more complex data like a list of strings. AWS Systems Manager Parameter Store also supports more sensitive configuration data like secrets, passwords and tokens.

What's the Difference Between Amazon EBS and Amazon EFS?

Question

I’m a software developer and I’m new to AWS. What’s the difference between the Elastic Block Store service and the Elastic File System service?

Response

Amazon EBS, or Elastic Block Store, is a highly available block storage service offered by AWS. Amazon Elastic Block Store offers 99.999% availability and 99.999% durability. When you think of Amazon EBS, think hard drive or SSD. Amazon Elastic File System, or EFS, is a serverless file system service that allows for the sharing of data among thousands of clients. Amazon EFS provides 99.999999999% durability and up to 99.99% availability. When you think of EFS, think Linux-compatible network file shares.

Which Amazon S3 Storage Class Is The Right One to Use?

Question

My company is switching cloud providers and is moving object storage to Amazon S3. Can you help explain the different S3 storage classes?

Response

First, note that all classes aside from S3 One Zone-IA store data in at least 3 AZs.

Moving EC2 User Files without Moving Permissions

Question

I have an EC2 instance and I need to move files from one directory to another and I need to make sure the files belong to a new user. I have tried the mv command, but the old user’s permissions stay intact. What am I missing?

Protecting S3 Data with Encryption

Question

Our company has an S3 bucket where multiple companies upload CSV files for later processing. Is it possible to require that all files in that bucket be encrypted?

Response

S3 has a lot of flexibility when it comes to encryption. S3 objects can be encrypted client-side and then uploaded, or objects can be encrypted server-side using KMS keys, customer-provided keys or S3 keys. To enforce that all S3 objects in a bucket are encrypted, use a bucket policy requiring that all object uploads provide the x-amz-server-side-encryption header. More on the x-amz-server-side-encryption header can be found here: Using Server Side Encryption.
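A bucket policy of the kind described above, as an added example that is not from the original post: it builds the policy document and checks constructed upload headers against a simplified local model of its two Deny conditions. The bucket name, the `build_policy` and `denied_by` helpers, and the allowed-algorithm list are assumptions made for illustration.

```python
import json

BUCKET = "example-upload-bucket"  # hypothetical bucket name
SSE_KEY = "s3:x-amz-server-side-encryption"  # S3 condition key for the header

def build_policy(bucket, allowed=("AES256", "aws:kms")):
    """Deny PutObject unless x-amz-server-side-encryption is present
    and set to one of the allowed values."""
    resource = f"arn:aws:s3:::{bucket}/*"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyMissingEncryptionHeader", "Effect": "Deny",
             "Principal": "*", "Action": "s3:PutObject", "Resource": resource,
             "Condition": {"Null": {SSE_KEY: "true"}}},
            {"Sid": "DenyUnexpectedEncryptionValue", "Effect": "Deny",
             "Principal": "*", "Action": "s3:PutObject", "Resource": resource,
             "Condition": {"StringNotEquals": {SSE_KEY: list(allowed)}}},
        ],
    }

def denied_by(policy, headers):
    """Simplified local model (not full IAM evaluation): return the Sid of
    the first Deny statement matching the upload's headers, else None.
    Handles only the Null and StringNotEquals operators used above."""
    value = headers.get("x-amz-server-side-encryption")
    for stmt in policy["Statement"]:
        for op, cond in stmt["Condition"].items():
            expected = cond[SSE_KEY]
            if op == "Null" and expected == "true" and value is None:
                return stmt["Sid"]
            # A negated operator also matches when the key is absent.
            if op == "StringNotEquals" and value not in expected:
                return stmt["Sid"]
    return None

# Constructed PutObject request headers, for illustration only.
SAMPLE_UPLOADS = [
    {},
    {"x-amz-server-side-encryption": "AES256"},
    {"x-amz-server-side-encryption": "aws:kms"},
    {"x-amz-server-side-encryption": "none"},
]

if __name__ == "__main__":
    policy = build_policy(BUCKET)
    print(json.dumps(policy, indent=2))  # paste-ready bucket policy JSON
    for headers in SAMPLE_UPLOADS:
        print(headers, "->", denied_by(policy, headers) or "not denied")
```

With a policy like this attached, an upload that omits the header is rejected even when the bucket has default encryption configured, so every uploading company must send the header explicitly.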