AWS/Azure/OpenShift

How to enable Amazon S3 default bucket encryption using S3 Console

image-54

In this guide, I will be showing you how to enable default encryption on an Amazon S3 bucket so that all the objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) keys. But our focus in this guide will be on AWS KMS. For other related AWS topics you can read: How to manage cost with AWS Budgets, Creating IAM Users, Adding MFA and Policies on AWS, Hosting Static Website and Versioning on AWS S3, How to Deploy Dynamic Website to AWS EC2, How to Deploy MVC Application to AWS EC2 Using RDP Connection and Web Deploy.

A step-by-step process on how to create an S3 bucket is covered in this guide: How to deploy an Angular App to AWS S3

Log in to the AWS Management Console and open the Amazon S3 console:  https://console.aws.amazon.com/s3/

image-39
Login Page
  • from the Buckets list select the name of the bucket that you want to encrypt.
image-40
Bucket List
  • Choose Properties
image-41
Bucket Overview
  • Scroll down to Default encryption, click on Edit
image-42
Default Encryption
  • In other to enable server-side encryption, select Enable
  • To enable server-side encryption you can either choose Amazon S3 key (SSE-S3) or AWS Key Management Service key (SSE-KMS) under Encryption key type. But in this guide, we will be using the SSE-KMS Encryption key type.
image-43
AWS Key Management Service Key

Under AWS KMS key section you can select any of the following:

  • AWS managed key (aws/s3)
  • Choose from your KMS root keys.
  • Enter KMS root key ARN.

In this guide we will select Choose from your AWS KMS Keys and we will Create Key

image-44
AWS KMS Key

Click on the Create key button and select Symmetric, you can leave the Advanced options as it is.

image-45
Configuring the Key

Enter the Alias and other sections are optional.

image-46
Adding Alias

In the next section, you will need to define key administrative permissions like key administrators and also you will need to define the key usage permissions.

image-47
Key Configuration

The key policy will be created too by the time you click on the Finish button.

image-48
Key Policy

Key created below

image-49
Customer Managed Keys

Now select the key you created and under Bucket Key, choose Enable.

image-50
AWS KMS Key

Click Save Changes to Encrypt your S3 Bucket.

image-51
Bucket Overview

I hope you found this blog post on How to enable Amazon S3 default bucket encryption using S3 Console very interesting and helpful. In case you have any questions do not hesitate to ask in the comment section.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x