In this guide, I will be showing you how to enable default encryption on an Amazon S3 bucket so that all the objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) keys. But our focus in this guide will be on AWS KMS. For other related AWS topics you can read: How to manage cost with AWS Budgets, Creating IAM Users, Adding MFA and Policies on AWS, Hosting Static Website and Versioning on AWS S3, How to Deploy Dynamic Website to AWS EC2, How to Deploy MVC Application to AWS EC2 Using RDP Connection and Web Deploy.
A step-by-step process on how to create an S3 bucket is covered in this guide: How to deploy an Angular App to AWS S3
Log in to the AWS Management Console and open the Amazon S3 console: https://console.aws.amazon.com/s3/
- from the Buckets list select the name of the bucket that you want to encrypt.
- Choose Properties
- Scroll down to Default encryption, click on Edit
- In other to enable server-side encryption, select Enable
- To enable server-side encryption you can either choose Amazon S3 key (SSE-S3) or AWS Key Management Service key (SSE-KMS) under Encryption key type. But in this guide, we will be using the SSE-KMS Encryption key type.
Under AWS KMS key section you can select any of the following:
- AWS managed key (aws/s3)
- Choose from your KMS root keys.
- Enter KMS root key ARN.
In this guide we will select Choose from your AWS KMS Keys and we will Create Key
Click on the Create key button and select Symmetric, you can leave the Advanced options as it is.
Enter the Alias and other sections are optional.
In the next section, you will need to define key administrative permissions like key administrators and also you will need to define the key usage permissions.
The key policy will be created too by the time you click on the Finish button.
Key created below
Now select the key you created and under Bucket Key, choose Enable.
Click Save Changes to Encrypt your S3 Bucket.
I hope you found this blog post on How to enable Amazon S3 default bucket encryption using S3 Console very interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.