S3 is essentially an infinitely scalable object storage and the most common site of data breaches in AWS. "Accidentally misconfigured public S3 bucket" is a regular headline in security news. From a security exam perspective, S3 data protection splits into two axes — encryption at rest and access control and exposure prevention. Today we address encryption, integrity, and exposure prevention mechanisms; tomorrow (day 3) covers advanced access control policies in depth.
All new objects in S3 are encrypted by default with SSE-S3 (AES-256) (default-enabled since 2023)