S3Express: Amazon S3 Command Line Utility

Amazon S3 command line utility for Windows. Copy, query, backup multiple files to S3 using the Windows command line.

S3Express FAQ and Knowledge Base

Main Page > Browse Categories > Security Considerations > Enforcing server-side encryption for all uploads to a bucket

Enforcing server-side encryption for all uploads to a bucket

Amazon S3 supports bucket policy that you can use if you require server-side encryption for all objects that are stored in your bucket. For example, the following bucket policy denies upload object (s3:PutObject) permission to everyone if the request does not include the x-amz-server-side-encryption header requesting server-side encryption.

{
   "Version":"2012-10-17",
   "Id":"PutObjPolicy",
   "Statement":[{
         "Sid":"DenyUnEncryptedObjectUploads",
         "Effect":"Deny",
         "Principal":{
            "AWS":"*"
         },
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::YourBucket/*",
         "Condition":{
            "StringNotEquals":{
               "s3:x-amz-server-side-encryption":"AES256"
            }
         }
      }
   ]
}

In S3Express, the x-amz-server-side-encryption header is added by using the -e flag of the PUT command.



User Comments
Add Comment
There are no user comments for this topic.
Add Comment
Attachments
No attachments

Did this help you?
Yes No

Statistics
57% found this information useful

Other Options
Printable Version

Download
Download S3Express

S3Express Manual
 HTML   PDF

 A printable version of the entire FAQ and Knowledge Base is also available.
 For further queries, please contact us by e-mail at support@s3express.com