The Cornell AWS Regulated Buckets Data Storage service allows secure storage and movement of Low, Medium or High risk data in AWS. (Note that the service does not yet offer controls for HIPAA or PCI data.)

The service, provided through a partnership with CIT’s Boomi and Tidal services, features:

• production and test resources
• S3 server access and data event logs
• restrictive bucket policies controlling access
• file versioning
• compatibility with nearly all S3 features and operations, including storage classes and object-level tagging

Access controls enforced by bucket policies include encryption in transit and at rest, blocking of public, unauthenticated access, a requirement for multi-factor authentication for human user access, and specific controls for human and automation IAM users.

For more about this solution:

• To ask for more information about features and pricing for the service, contact the Cloud Services team at cloud-support@cornell.edu.
• To request Cornell AWS Regulated Buckets Data Storage for secure storage and movement of Low, Medium or High risk data in AWS, submit a request form.
• To read more technical detail about this solution, visit the AWS S3 Regulated Data Partnership page (requires Cornell Confluence login).