TLS 1.0 and 1.1 Deprecation: Your Guide to a Secure AWS Environment

Vishnu Pillai
Published in BI3 Technologies
Aug 2, 2024

Introduction:

In today’s digital age, maintaining secure data transfers is essential. Transport Layer Security (TLS) plays a pivotal role in encrypting communication between applications and servers. AWS has recently discontinued support for the outdated TLS 1.0 and 1.1 versions, which means all applications and services must upgrade to TLS 1.2 or above. This blog outlines the steps taken to upgrade an SSIS package that sends data to an S3 bucket, ensuring compliance with AWS’s new security standards.

Scenario:

We encountered an issue while running SSIS packages that transfer data from our local environment to an S3 bucket for downstream teams. The job failed with the following error:

Error:

An error occurred with the following error message: “Amazon S3 will stop supporting TLS 1.0 and TLS 1.1 connections. Please update your client to use TLS version 1.2 or above.”

Our systems were running on the Cozyroc program using TLS 1.0, which is no longer supported. Due to network-level privilege constraints, we could not simply update the TLS version without significant impact.

The TLS exit phase

Solution:

To address this issue, I replaced the Cozyroc component with a script task in our Visual Basic package, using C# to upload data to S3. Below is the C# script used for the data transfer:

// Initialization
// Configuration
// S3 Account details
// Setup
// Connection
// Upload Operation

using System;
using System.IO;
using System.Threading.Tasks; // required for Task
using Amazon;
using Amazon.S3;
using Amazon.S3.Transfer;

namespace S3FileUpload
{
    class Program
    {
        // Configuration: replace the placeholders with your own values.
        private const string bucketName = "your-bucket-name";
        private const string keyName = "your-file-name-in-s3";
        private const string filePath = "path-to-your-local-file";
        private static readonly RegionEndpoint bucketRegion = RegionEndpoint.USEast1; // Change to your region
        private static IAmazonS3 s3Client;

        static void Main(string[] args)
        {
            // Connection: credentials are resolved by the SDK's default credential chain.
            s3Client = new AmazonS3Client(bucketRegion);
            // Block until the upload finishes; errors are handled inside UploadFileAsync.
            UploadFileAsync().Wait();
        }

        private static async Task UploadFileAsync()
        {
            try
            {
                var fileTransferUtility = new TransferUtility(s3Client);

                // Option 1. Upload a file. The file name is used as the object key name.
                await fileTransferUtility.UploadAsync(filePath, bucketName);
                Console.WriteLine("Upload completed");

                // Option 2. Specify object key name explicitly.
                // await fileTransferUtility.UploadAsync(filePath, bucketName, keyName);
                // Console.WriteLine("Upload completed");
            }
            catch (AmazonS3Exception e)
            {
                // S3 rejected the request (permissions, bucket name, protocol, ...).
                Console.WriteLine("Error encountered on server. Message:'{0}' when writing an object", e.Message);
            }
            catch (Exception e)
            {
                // Anything else: missing local file, network failure, and so on.
                Console.WriteLine("Unknown error encountered. Message:'{0}' when writing an object", e.Message);
            }
        }
    }
}
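
The script above does not set the TLS version itself, so the protocol it negotiates comes from the host's .NET defaults. The following is an added example, not the author's code: it switches off SSL 3.0, TLS 1.0 and TLS 1.1 and ensures TLS 1.2 is enabled before the S3 client is created. `TlsPolicy`, `Harden` and `Enforce` are hypothetical names, and it assumes the script task runs on .NET Framework 4.5 or later, where the AWS SDK's HTTPS calls honour `ServicePointManager.SecurityProtocol`.

```csharp
using System;
using System.Net;

namespace S3FileUpload
{
    // Hypothetical helper, not part of the original script.
    public static class TlsPolicy
    {
        // SSL 3.0, TLS 1.0 and TLS 1.1: the versions to switch off.
        private const SecurityProtocolType Legacy =
            SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11;

        // Compute the hardened setting from the current one (no side effects).
        public static SecurityProtocolType Harden(SecurityProtocolType current)
        {
            // Drop legacy bits, keep anything newer that is already enabled,
            // and make sure TLS 1.2 is on. A value of 0 (system default) has no
            // bits set, so it becomes an explicit TLS 1.2 pin.
            return (current & ~Legacy) | SecurityProtocolType.Tls12;
        }

        // Call once at the top of the script task, before creating AmazonS3Client.
        public static SecurityProtocolType Enforce()
        {
            SecurityProtocolType before = ServicePointManager.SecurityProtocol;
            ServicePointManager.SecurityProtocol = Harden(before);
            Console.WriteLine("TLS policy: {0} -> {1}", before, ServicePointManager.SecurityProtocol);
            return ServicePointManager.SecurityProtocol;
        }
    }

    class TlsPolicyDemo
    {
        static void Main()
        {
            // Constructed input: a host still allowing SSL 3.0 and TLS 1.0.
            var legacyHost = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
            Console.WriteLine("{0} -> {1}", legacyHost, TlsPolicy.Harden(legacyHost));

            // Constructed input: TLS 1.1 and 1.2 both on; only 1.1 is removed.
            var mixedHost = SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
            Console.WriteLine("{0} -> {1}", mixedHost, TlsPolicy.Harden(mixedHost));

            TlsPolicy.Enforce();
        }
    }
}
```

Logging the before and after values in the job output gives an audit trail showing which hosts were still configured for the deprecated versions.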

Conclusion

By replacing the Cozyroc component with a customized C# script, we successfully upgraded our data transfer process to comply with AWS’s new TLS requirements. This not only enhances security but also provides greater flexibility and control over our data transfer operations. Ensuring your systems are up-to-date with the latest security protocols is crucial for maintaining data integrity and protecting sensitive information.

Key Considerations and Benefits

  1. Customization: The C# script offers more flexibility and customization compared to Cozyroc. This allows us to tailor the script to fit specific requirements and workflows.
  2. Performance: The script has been optimized, ensuring no performance degradation during testing.
  3. Maintainability: The new approach is easier to control and maintain, especially when addressing potential bugs.
  4. Security: Extra precautions have been taken to secure sensitive information, such as using environment variables and incorporating secret management tools.
  5. Testing: Extensive unit, integration, and performance tests were conducted to ensure the reliability and efficiency of the new solution.
