How do I enable s3 bucket Default Encryption programmatically with AWSSDK?

Question

I am trying to enable default encryption for s3 Bucket programmatically. Following is not working no errors as well. Anybody know the reason for this ?

        private async Task<PutBucketEncryptionResponse> EnableServerSideEncriptionAsync(string bucketName)
    {
        return await S3Client.PutBucketEncryptionAsync(new PutBucketEncryptionRequest
        {
            BucketName = bucketName,
            ServerSideEncryptionConfiguration = new ServerSideEncryptionConfiguration()
            {
                ServerSideEncryptionRules = new List<ServerSideEncryptionRule>()
                {
                    new ServerSideEncryptionRule()
                    {
                        ServerSideEncryptionByDefault = new ServerSideEncryptionByDefault()
                        {
                            ServerSideEncryptionAlgorithm = ServerSideEncryptionMethod.AES256
                        }

                    }
                }
            }
        });
    }

Answer 1

#!/bin/bash

for bucket_name in $(aws s3api list-buckets --query "Buckets[].Name" --output text);
do
        if (aws s3api get-bucket-encryption --bucket ${bucket_name})
        then
                echo "already encrypted"
        else
                echo "doing encrption"
                aws s3api put-bucket-encryption  --bucket ${bucket_name} --server-side-encryption-configuration  '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'
                echo "done encrption"
        fi
done

Answer 2

Good night, I had the same problem an hour ago and maybe I found the solution! Code:

private async void EncryptBucket(string bucketName)
{
    var encryptResquest = new PutBucketEncryptionRequest
    {
        BucketName = bucketName,
        ServerSideEncryptionConfiguration = new ServerSideEncryptionConfiguration()
        {
            ServerSideEncryptionRules = new List<ServerSideEncryptionRule>()
            {
                new ServerSideEncryptionRule()
                {
                    ServerSideEncryptionByDefault = new ServerSideEncryptionByDefault()
                    {
                       ServerSideEncryptionAlgorithm = ServerSideEncryptionMethod.AWSKMS,
                       ServerSideEncryptionKeyManagementServiceKeyId = "arn:aws:kms:us-west-2:**insert your account id**:alias/aws/s3"
                    }
                }
            }
        }
    };

Answer 3

Finally this is end up with an permission issue. I didn't have permission to see the status of default encryption. users who has permission could see default encryption is enabled.

Thank you John Rotenstein for your time to find solution for this issue.

Hope that aws console shows an message saying "Access Denied" instead of showing wrong default encryption is disabled.

Answer 4

I tried it using the AWS Command-Line Interface (CLI) to see what would happen.

I created a new bucket, and ran:

aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

I then went to the bucket in the Amazon S3 console, clicked the Properties tab and the Default Encryption box displayed: AES-256