Data Partitioning
https://aws.amazon.com/blogs/apn/partitioning-and-isolating-multi-tenant-saas-data-with-amazon-s3/
Bucket per Tenant
Amazon S3 has a default quota of 100 buckets and a hard quota of 1,000 buckets per AWS account, so a bucket-per-tenant model caps the number of tenants an account can hold.
“Folders” - Object Key Prefix-Per-Tenant Model
Database-Mapped Tenant Objects
Tenant Isolation
Isolating SaaS Tenants with Dynamically Generated IAM Policies: AWS
Securing Tenant Objects with Encryption Keys
Here, the focus is on how we can provide each tenant with a key that protects their data. In these scenarios, Amazon S3 can be used with the AWS Key Management Service (AWS KMS) to provide server-side encryption of S3 objects.
You can have up to 10,000 customer-managed keys in each region of your AWS account.
Amazon S3 Bucket Keys can reduce AWS KMS request costs by up to 99% when using AWS Key Management Service for server-side encryption (SSE-KMS). A bucket key is used for a time-limited period within S3, and S3 only shares a bucket key among objects encrypted under the same AWS KMS key, so per-tenant keys still get per-tenant bucket keys. This helps stay below KMS API request quotas.
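As an added example (not code from the AWS posts linked above and not AWS's own implementation), the following Python generates the per-tenant policies described under Tenant Isolation and Securing Tenant Objects with Encryption Keys: a dynamically generated IAM policy scoped to the tenant's object-key prefix, a KMS key-policy statement that lets the tenant's role use its key only through S3, and the S3 PutObject arguments that write a tenant object under its prefix with SSE-KMS. The bucket name, account id, region and role ARN are constructed placeholders. The tenant id is validated before it is interpolated into any policy string, because a "*" or "?" in an untrusted id would become an IAM wildcard and widen the grant, and a "/" would let an id escape its own prefix.

```python
import json
import re

# Constructed sample values (placeholders, not from the page).
BUCKET = "saas-tenant-data"
REGION = "us-east-1"

# Tenant ids are interpolated into IAM and KMS policy strings, so only a
# conservative character set is accepted: no "*", "?", "/", "." or whitespace.
TENANT_ID_RE = re.compile(r"^[a-z0-9][a-z0-9-]{2,63}$")


def validate_tenant_id(tenant_id: str) -> str:
    """Reject ids that could act as wildcards or escape the tenant prefix."""
    if not TENANT_ID_RE.fullmatch(tenant_id):
        raise ValueError(f"invalid tenant id: {tenant_id!r}")
    return tenant_id


def tenant_s3_policy(tenant_id: str, bucket: str = BUCKET) -> dict:
    """Dynamically generated IAM policy for the prefix-per-tenant model."""
    t = validate_tenant_id(tenant_id)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                # ListBucket is a bucket-level action, so the prefix is
                # constrained with the s3:prefix condition key.
                "Sid": "ListOnlyOwnPrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{t}/*"]}},
            },
            {
                # Object actions are constrained by the object ARN itself.
                "Sid": "ObjectsOnlyUnderOwnPrefix",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{t}/*",
            },
        ],
    }


def tenant_kms_statement(tenant_id: str, tenant_role_arn: str,
                         bucket: str = BUCKET, bucket_key_enabled: bool = True) -> dict:
    """KMS key-policy statement: the tenant role may use this key only via S3."""
    t = validate_tenant_id(tenant_id)
    # S3 passes the object ARN as the aws:s3:arn encryption context. With S3
    # Bucket Keys enabled it passes the bucket ARN instead, so the context can
    # no longer distinguish tenant prefixes; isolation then rests on the S3
    # policy above plus each role being a principal on its own key only.
    ctx = f"arn:aws:s3:::{bucket}" if bucket_key_enabled else f"arn:aws:s3:::{bucket}/{t}/*"
    return {
        "Sid": "TenantUseViaS3Only",
        "Effect": "Allow",
        "Principal": {"AWS": tenant_role_arn},
        "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"],
        "Resource": "*",
        "Condition": {
            "StringEquals": {"kms:ViaService": f"s3.{REGION}.amazonaws.com"},
            "StringLike": {"kms:EncryptionContext:aws:s3:arn": ctx},
        },
    }


def tenant_put_object_args(tenant_id: str, name: str, body: bytes,
                           tenant_kms_key_arn: str, bucket: str = BUCKET) -> dict:
    """Keyword arguments for boto3 s3.put_object that keep the object under the
    tenant prefix and encrypt it with the tenant's own KMS key (SSE-KMS)."""
    t = validate_tenant_id(tenant_id)
    if not name or name.startswith("/") or "/../" in f"/{name}/":
        raise ValueError(f"invalid object name: {name!r}")
    return {
        "Bucket": bucket,
        "Key": f"{t}/{name}",
        "Body": body,
        "ServerSideEncryption": "aws:kms",
        "SSEKMSKeyId": tenant_kms_key_arn,
        "BucketKeyEnabled": True,
    }


if __name__ == "__main__":
    role = "arn:aws:iam::123456789012:role/tenant-a-app"   # constructed placeholder
    key = "arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000"
    print(json.dumps(tenant_s3_policy("tenant-a"), indent=2))
    print(json.dumps(tenant_kms_statement("tenant-a", role), indent=2))
    print(tenant_put_object_args("tenant-a", "reports/q1.csv", b"...", key)["Key"])
```

The generated S3 policy is what a token-vending service would pass as the session policy when calling `sts:AssumeRole` for a tenant request, so the credentials a tenant's request runs under can never reach another tenant's prefix even if application code has a bug.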
Endpoint-Based Partitioning and Isolation
There is a default quota of 1,000 access points you can have in an account.