Enforcing server-side encryption for all uploads to a bucket

Amazon S3 supports bucket policies that you can use to require server-side encryption for all objects stored in your bucket. For example, the following bucket policy denies the upload object (s3:PutObject) permission to everyone if the request does not include the x-amz-server-side-encryption header requesting server-side encryption with the value AES256. Because the condition uses StringNotEquals, a request that omits the header and a request that sends the header with any other value are both denied.

{
   "Version":"2012-10-17",
   "Id":"PutObjPolicy",
   "Statement":[{
         "Sid":"DenyUnEncryptedObjectUploads",
         "Effect":"Deny",
         "Principal":{
            "AWS":"*"
         },
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::YourBucket/*",
         "Condition":{
            "StringNotEquals":{
               "s3:x-amz-server-side-encryption":"AES256"
            }
         }
      }
   ]
}

In S3Express, the x-amz-server-side-encryption header is added by using the -e flag of the PUT command.
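
To check which uploads the policy above rejects, the following added example (not part of S3Express or of the original page) evaluates the policy's Deny statement against constructed requests. It assumes only the StringEquals and StringNotEquals operators need modelling and does not model Principal matching, since the statement applies to everyone; the function names and the sample object key are hypothetical.

```python
import fnmatch

# Bucket policy from this page; "YourBucket" is the page's placeholder name.
POLICY = {"Version": "2012-10-17", "Id": "PutObjPolicy", "Statement": [{
    "Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny",
    "Principal": {"AWS": "*"}, "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::YourBucket/*",
    "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}},
}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def condition_matches(condition, context):
    """True when every operator/key pair in the Condition block matches."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)  # None: the header was not sent
            if operator == "StringEquals":
                ok = actual is not None and actual in as_list(expected)
            elif operator == "StringNotEquals":
                # A negated operator also matches when the key is absent.
                ok = actual is None or actual not in as_list(expected)
            else:
                raise ValueError("operator not modelled: " + operator)
            if not ok:
                return False
    return True

def denied_by(policy, action, resource, headers):
    """Return the Sid of the first Deny statement that matches, else None.
    None only means no explicit deny; an Allow is still needed elsewhere."""
    context = {"s3:" + name.lower(): value for name, value in headers.items()}
    for st in as_list(policy["Statement"]):
        if (st["Effect"] == "Deny"
                and any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(resource, r) for r in as_list(st["Resource"]))
                and condition_matches(st.get("Condition", {}), context)):
            return st.get("Sid")
    return None

if __name__ == "__main__":
    obj = "arn:aws:s3:::YourBucket/reports/q1.csv"  # constructed object key
    for headers in ({}, {"x-amz-server-side-encryption": "AES256"},
                    {"x-amz-server-side-encryption": "aws:kms"}):
        print(headers, "->", denied_by(POLICY, "s3:PutObject", obj, headers))
```

An upload sent without the header, or with a value other than AES256, returns the statement's Sid; only the AES256 request passes this statement.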

General Information
No. 22
Author: S3Express
