Duke Dougal

Reputation: 26406

How to use AWS S3 server side encryption SSE?

Say for example I leave an AWS S3 bucket open to the public.

My goal is that if someone downloads a file from that bucket then what they get is an encrypted file.

I thought SSE-S3 would do this but it does not - it appears that any file downloaded is not encrypted.

So how can I reach my goal of ensuring that files served from S3 are encrypted?

Upvotes: 0

Views: 355

Answers (1)

helloV

Reputation: 52433

What you are looking for is Protecting Data Using Client-Side Encryption. If you want S3 to serve encrypted files, then you have to save them as encrypted objects. You manage encryption/decryption. SSE will store the data after encrypting it and will decrypt it automatically when it is downloaded.

From: Protecting Data Using Encryption

  • Use Server-Side Encryption – You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.
  • Use Client-Side Encryption – You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Upvotes: 2
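
The client-side approach described in the answer, as an added example that is not part of the original answer: the object is encrypted with AES-256-GCM before upload, so S3 stores and serves only ciphertext. It assumes the `cryptography` package; `FakeS3`, the function names, the bucket name and the object key are hypothetical, with `FakeS3` mimicking the `put_object`/`get_object` calls of a boto3 S3 client so the block runs offline.

```python
import io
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the standard size for AES-GCM


def encrypt_and_upload(s3, bucket, key_name, plaintext, data_key):
    """Encrypt locally, then store only nonce + ciphertext in the bucket."""
    nonce = os.urandom(NONCE_LEN)  # must never repeat under the same data key
    # The object key is bound in as associated data, so a ciphertext copied
    # to a different object name fails authentication on decrypt.
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, key_name.encode())
    s3.put_object(Bucket=bucket, Key=key_name, Body=nonce + ciphertext)


def download_and_decrypt(s3, bucket, key_name, data_key):
    """Fetch the blob and decrypt it; InvalidTag means wrong key or tampering."""
    blob = s3.get_object(Bucket=bucket, Key=key_name)["Body"].read()
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return AESGCM(data_key).decrypt(nonce, ciphertext, key_name.encode())


class FakeS3:
    """Constructed in-memory stand-in for a boto3 S3 client (assumption)."""
    def __init__(self):
        self.objects = {}

    def put_object(self, Bucket, Key, Body):
        self.objects[(Bucket, Key)] = bytes(Body)

    def get_object(self, Bucket, Key):
        return {"Body": io.BytesIO(self.objects[(Bucket, Key)])}


def demo():
    s3 = FakeS3()  # with a real bucket this would be boto3.client("s3")
    data_key = AESGCM.generate_key(bit_length=256)  # kept by you, never uploaded
    secret = b"quarterly-report: constructed sample content"
    encrypt_and_upload(s3, "example-bucket", "report.txt", secret, data_key)
    # What an anonymous downloader of the public bucket receives:
    public_view = s3.get_object(Bucket="example-bucket", Key="report.txt")["Body"].read()
    owner_view = download_and_decrypt(s3, "example-bucket", "report.txt", data_key)
    try:
        other_key = AESGCM.generate_key(bit_length=256)
        download_and_decrypt(s3, "example-bucket", "report.txt", other_key)
        wrong_key_rejected = False
    except InvalidTag:
        wrong_key_rejected = True
    return public_view, owner_view, wrong_key_rejected
```

The data key is the part you have to manage yourself: anyone who should read the file needs it through a separate channel, and losing it makes the stored objects unrecoverable.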
