Learning S3 Encryption

This section covers S3 encryption and the different methods available for encrypting objects at rest.

  • We can set default encryption on a bucket.
  • With the default setting enabled, all objects are encrypted when they are stored in the bucket.
  • Objects are encrypted using server-side encryption with either:
    • Amazon S3-managed keys (SSE-S3)
    • AWS KMS-managed keys (SSE-KMS)

S3 object encryption methods

  • SSE-S3: encrypts S3 objects using keys handled & managed by AWS
  • SSE-KMS: leverage AWS Key Management Service to manage encryption keys
  • SSE-C: when you want to manage your own encryption keys
  • Client Side Encryption

SSE-S3

  • SSE-S3: encryption using keys handled & managed by AWS S3
  • Object is encrypted server side
  • AES-256 encryption type
  • Must set header: "x-amz-server-side-encryption": "AES256"

SSE-KMS

  • SSE-KMS: encryption using keys handled & managed by KMS
  • KMS Advantages: user control + audit trail
  • Object is encrypted server side
  • Must set header: "x-amz-server-side-encryption": "aws:kms"

SSE-C

  • SSE-C: server-side encryption using data keys fully managed by customer outside of AWS
  • Amazon S3 does not store encryption key you provide
  • HTTPS must be used
  • The encryption key must be provided in HTTP headers, for every HTTP request made
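The following added example (not part of the original page) builds the request headers for the three server-side modes above, SSE-S3, SSE-KMS and SSE-C, and the bucket default-encryption configuration; it enforces the SSE-C rules (HTTPS only, a 256-bit key, and the key plus its MD5 sent on every request). The header and configuration names are the real S3 ones; the mode labels and the KMS key ARN are this example's own placeholders.

```python
import base64
import hashlib
from urllib.parse import urlparse

# Real S3 request header; the mode labels ("SSE-S3" etc.) are just this example's names.
SSE_HEADER = "x-amz-server-side-encryption"


def sse_headers(mode, endpoint, kms_key_id=None, customer_key=None):
    """Return the headers S3 expects on a PUT/GET for the chosen encryption mode."""
    if mode == "SSE-S3":
        # S3-managed keys: one header, value AES256.
        return {SSE_HEADER: "AES256"}
    if mode == "SSE-KMS":
        headers = {SSE_HEADER: "aws:kms"}
        if kms_key_id:  # omit to let S3 fall back to the account's default aws/s3 key
            headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":
        # The raw key travels in the headers, so refuse anything but TLS.
        if urlparse(endpoint).scheme != "https":
            raise ValueError("SSE-C sends the key in headers; HTTPS is mandatory")
        if customer_key is None or len(customer_key) != 32:
            raise ValueError("SSE-C requires a 256-bit (32-byte) AES key")
        key_b64 = base64.b64encode(customer_key).decode()
        md5_b64 = base64.b64encode(hashlib.md5(customer_key).digest()).decode()
        # S3 keeps none of this; the same three headers are needed on every request.
        return {
            "x-amz-server-side-encryption-customer-algorithm": "AES256",
            "x-amz-server-side-encryption-customer-key": key_b64,
            "x-amz-server-side-encryption-customer-key-MD5": md5_b64,
        }
    raise ValueError(f"unknown mode {mode!r}")


def default_bucket_encryption(mode, kms_key_id=None):
    """Return the ServerSideEncryptionConfiguration body for PutBucketEncryption."""
    if mode == "SSE-S3":
        rule = {"SSEAlgorithm": "AES256"}
    elif mode == "SSE-KMS":
        rule = {"SSEAlgorithm": "aws:kms"}
        if kms_key_id:
            rule["KMSMasterKeyID"] = kms_key_id
    else:
        # SSE-C cannot be a bucket default: S3 never holds the customer key.
        raise ValueError("bucket default encryption supports only SSE-S3 and SSE-KMS")
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": rule}]}


# Constructed placeholder, not a real key ARN.
EXAMPLE_KMS_KEY = "arn:aws:kms:REGION:ACCOUNT:key/EXAMPLE-KEY-ID"
```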
