There are plenty of amazing things that you can configure and try on S3 besides the steps we have covered in this chapter. For example, you can leverage the encryption functionality provided by S3 to encrypt data in transit as well as at rest. Amazon S3 supports two types of encryption technique especially for this purpose: client-side encryption and server-side encryption.

Client-side encryption comes in really handy when you as an end user want to manage the encryption process, the encryption keys, tools, and so on. Generally, this encryption process is performed on the object before it gets uploaded to S3. You can also protect your data in transit using client-side encryption facilities such as SSL. Server-side encryption is where Amazon S3 encrypts and decrypts your data for you before it is stored within its data centers. Server-side encryption can be leveraged along with AWS Key Management Service (KMS) as well as with Amazon S3 managed keys. You can read about both in depth using this link http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html.

Another feature worth trying out in S3 is the presigned URLs. These URLs are used to provide temporary access for downloading any particular object from S3. Each URL comes with its own expiry date and time, which denies access to the object once it expires. S3 provides SDKs in Java and .NET using which you can create your own pre-signed URLs. To read more about presigned URLs and how to generate them for your own objects, go to http://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html.