Hands-On-Lab | Server-Side Encryption (SSE) Behaviour for S3 Buckets
Hi There,
Greetings!!!
Welcome back to my YouTube channel, and I wish you all a very happy Diwali :)
Today we are going to discuss the encryption behaviour for S3 buckets.
All Amazon S3 buckets have encryption configured by default, and objects are automatically encrypted by using server-side encryption with Amazon S3 managed keys (SSE-S3). This encryption setting applies to all objects in your Amazon S3 buckets.
If you need more control over your keys, such as managing key rotation and access policy grants, you can choose to use server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), or dual-layer server-side encryption with AWS KMS keys (DSSE-KMS).
We can configure the Amazon S3 default encryption behaviour for an S3 bucket by using the Amazon S3 console, the AWS SDKs, the Amazon S3 REST API, and the AWS Command Line Interface (AWS CLI).
Encrypting existing objects
To encrypt your existing unencrypted Amazon S3 objects, you can use Amazon S3 Batch Operations. You provide S3 Batch Operations with a list of objects to operate on, and Batch Operations calls the respective API to perform the specified operation.
Please check out the link below:
In this hands-on lab we will apply a bucket policy to enforce SSE-KMS and then try to upload objects to the S3 bucket that we will create.
Bucket Policy -
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowDeleteObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": " arn of IAM user"
            },
            "Action": [
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::bucketname/*"
            ]
        }
    ]
}
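The statement above grants s3:DeleteObject and carries no encryption condition. As an added example (not from the video or its description), the sketch below shows a Deny statement of the kind used to enforce SSE-KMS on uploads and runs three constructed PutObject requests through a simplified model of IAM condition evaluation. The Sid, the function names and the evaluator are assumptions made for illustration; "bucketname" is the same placeholder as in the policy above.

```python
import json

# Constructed Deny statement for enforcing SSE-KMS on uploads. It would be
# attached to the bucket alongside any Allow statements.
ENFORCE_SSE_KMS = json.loads("""
{
  "Sid": "DenyUploadsWithoutSSEKMS",
  "Effect": "Deny",
  "Principal": "*",
  "Action": "s3:PutObject",
  "Resource": "arn:aws:s3:::bucketname/*",
  "Condition": {
    "StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}
  }
}
""")

def condition_matches(condition, context):
    """Simplified model of IAM condition evaluation (StringNotEquals, Null only)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringNotEquals":
                # Negated operators also match when the key is absent from the request.
                if actual is not None and actual == expected:
                    return False
            elif operator == "Null":
                # "true" means: match only when the key is absent.
                if (actual is None) != (expected == "true"):
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True

def upload_denied(statement, sse_header=None):
    """True if a PutObject with this x-amz-server-side-encryption value hits the Deny."""
    context = {}
    if sse_header is not None:
        context["s3:x-amz-server-side-encryption"] = sse_header
    return statement["Effect"] == "Deny" and condition_matches(statement["Condition"], context)

if __name__ == "__main__":
    # Constructed requests: no header, SSE-S3, SSE-KMS.
    for header in (None, "AES256", "aws:kms"):
        verdict = "AccessDenied" if upload_denied(ENFORCE_SSE_KMS, header) else "not denied"
        print(f"x-amz-server-side-encryption={header!r}: {verdict}")
```

Because the negated operator matches when the header is missing, an upload that sends no encryption header is denied by this statement, so clients have to request aws:kms explicitly on each PutObject.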
Please don't forget to delete the S3 bucket once you are done with this exercise.
Please like, share, comment and subscribe to my YouTube channel 'cloud with mohsin'.
Happy Learning :)
#cloudwithmohsin