Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CloudFormation template to set S3 bucket default encryption [duplicate]

Tags:

amazon-web-services

amazon-s3

amazon-cloudformation

S3 now supports encryption to be applied by default when individual object PUT requests do not contain a specific encryption header.

How can this be set up as part of bucket creation during CloudFormation template? I have found the API call for this but it would be great if it could be supplied as an attribute within CloudFormation rather than a separate step.

So far the only options I see are

  • make a separate API / client call after bucket creation
  • use the older way of a bucket policy to reject unencrypted requests, which can be supplied via CloudFormation S3::BucketPolicy resource
like image 628
wrschneider Avatar asked Nov 09 '17 17:11

wrschneider

People also ask

What is the default S3 bucket encryption setting?

By default, S3 bucket encryption option is disabled. Select the needed option, for example, AES-256. This is server-side encryption with Amazon S3-managed keys (SSE-S3).

Will applying default encryption setting to the S3 buckets encrypt the data that already exists?

Amazon S3's default encryption can be used to automate the encryption of new objects in your bucket, but default encryption does not change the encryption of existing objects in the same bucket.

Does S3 automatically replicate default data?

S3 Replication Time Control, by default, includes S3 replication metrics and S3 event notifications, with which you can monitor the total number of S3 API operations that are pending replication, the total size of objects pending replication, and the maximum replication time.

1 Answers

As of some time apparently between last Friday and today, they've finally added a BucketEncryption property to S3 buckets in CloudFormation, allowing you to enable this default encryption.

like image 59
iv597 Avatar answered Nov 10 '22 23:11

iv597
Sign in to Comment

Related questions

How to correctly set up Amazon Route 53, CloudFront with custom origin
How to ssh into a instance in Private Subnet via Nat Gateway? [closed]
Can I configure Linux swap space on AWS Elastic Beanstalk?
Getting "SSL_connect returned=1 errno=0 state=error: certificate verify failed" when connecting to S3
Is it possible to use the AWS api to create Cloudwatch graphs?
Amazon API Gateway : response body is not transformed when the API is called via Postman?
AWS application load balancer listener rule paths
List all AWS AMI names through CLI?
SQS messages received out of order
How to scan between date range using Lambda and DynamoDB?
Docker mount directory access rights
CloudFront can't use S3 Website origin, only REST origin Cloudformation
NoCredentialsError : Unable to locate credentials - python module boto3
Can AWS DynamoDB DocumentClient handle native Javascript Date objects?
AWS S3 upload without access and secret key in Java
AWS Beanstalk, how to reboot (or terminate) automatically an instance that is not responding
AWS Java Lambda local variables vs object variables
How can I create IAM Role Dropdown in Cloudformation Template Parameters
AWS CloudFormation /var/log/cloud-init-output.log equivalent for Windows AMIs
Does AWS Application load balancer actually support compression?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!