AWS S3 encryption

Encryption (2017) is supported in AWS S3 (default Advanced Encryption Standard (AES 256bit) since January 5, 2023 all new objects are encrypted by default ^[1].

• In transit (SSL/TLS)
• At rest:
  • Server Side Encryption (SSE):
  • S3 Managed Keys (SSE-S3; 256bit);
  • AWS Key Management Service, Managed Keys (SSE-KMS)
  • Server Side Encryption with Customer Provided Keys (SSE-C)
• Client Side Encryption: user encrypts data and use AWS S3 to store it

Related[edit]

• aws s3api get-bucket-encryption command
• Terraform S3 resources: aws_s3_bucket_server_side_encryption_configuration
• AWS S3 encryption

See also[edit]

• AWS S3, aws s3, aws s3api, aws s3control, s3:, Amazon S3 Storage Lens, AWS S3 replication, CRR, SSR, CAR, S3 Replication Time Control (S3 RTC), Website endpoint, Amazon Macie, Versioning, Lifecycle, Encryption, logging, Amazon S3 Inventory, Amazon S3 Batch Operations, Storage Classes, Amazon S3 clients, Terraform S3, AWS canned ACLs, Directory buckets, security