How to enable Amazon S3 default bucket encryption using S3 Console

Posted on Temitope Odemo By Temitope Odemo No Comments on How to enable Amazon S3 default bucket encryption using S3 Console
Amazon S3

In this guide, I will be showing you how to enable default encryption on an Amazon S3 bucket so that all the objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) keys. But our focus in this guide will be on AWS KMS. For other related AWS topics you can read: How to manage cost with AWS Budgets, Creating IAM Users, Adding MFA and Policies on AWS, Hosting Static Website and Versioning on AWS S3, How to Deploy Dynamic Website to AWS EC2, How to Deploy MVC Application to AWS EC2 Using RDP Connection and Web Deploy.

A step-by-step process on how to create an S3 bucket is covered in this guide: How to deploy an Angular App to AWS S3

Furthermore, Log in to the AWS Management Console and open the Amazon S3 console:  https://console.aws.amazon.com/s3/

default bucket encryption
Login Page
  • However, from the Buckets list select the name of the bucket that you want to encrypt.
enable
Bucket List
  • Choose Properties
S3 Console
Bucket Overview
  • Scroll down to Default encryption, click on Edit
Amazon S3
Default Encryption
  • Moreover, In order to enable server-side encryption, select Enable
  • In addition, To enable server-side encryption, you can either choose the Amazon S3 key (SSE-S3) or the AWS Key Management Service key (SSE-KMS) under the Encryption key type. But in this guide, we will use the SSE-KMS Encryption key type.
S3 Console
AWS Key Management Service Key

Nonetheless, Under the AWS KMS key section, you can select any of the following:

  • AWS managed key (aws/s3)
  • Choose from your KMS root keys.
  • Enter KMS root key ARN.

Consequently, In this guide, we will select Choose from your AWS KMS Keys, and we will Create Key

image-44
AWS KMS Key

Similarly, Click on the Create key button and select Symmetric, you can leave the Advanced options as it is.

image-45
Configuring the Key

Nevertheless, Enter the Alias and other sections are optional.

image-46
Adding Alias

Therefore, In the next section, you will need to define key administrative permissions like key administrators, and also you will need to define the critical usage permissions.

image-47
Key Configuration

Additionally, The key policy will be created by the time you click on the Finish button.

image-48
Key Policy

Key created below

image-49
Customer Managed Keys

Furthermore, Now select the key you created and under Bucket Key, choose Enable.

image-50
AWS KMS Key

Click Save Changes to Encrypt your S3 Bucket.

image-51
Bucket Overview

I hope you found this blog post on How to enable Amazon S3 default bucket encryption using S3 Console very interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

Rate this post
AWS/Azure/OpenShift Tags:, , , ,

Related Posts

More Related Articles

Microsoft 365 Developer Program instant Get your free Microsoft 365 E5 Sandbox today AWS/Azure/OpenShift
Remove Custom Domain from Entra ID and Azure tenant Delete Azure Tenant: Remove Custom Domain from Entra ID AWS/Azure/OpenShift
Generate SSH Keys Associate SSH Public key with Azure Linux VM AWS/Azure/OpenShift
TLS1.2 Unable to install Azure AD Connect, TLS 1.2 is required: How to enable or disable TLS 1.2 on a Windows Server via the Registry and PowerShell AWS/Azure/OpenShift
Azure VM Creation With CLI 1 Deploy a Linux virtual machine (VM) on Azure using the Azure CLI AWS/Azure/OpenShift
APIFEATURE Benefits of Azure API Management and how to create an API instance AWS/Azure/OpenShift

Leave a Reply