How do you set SSE-S3 or SSE-KMS encryption on S3

2019-02-16 07:01发布

I'm trying to use a CloudFormation Template to spin up an S3 Bucket in AWS. One of the requirements for this project is that the bucket be encrypted in place. I've been trying to find a way to set that up via CloudFormation Template (I've read all the documentation I can get my hands on for SSE-S3, KMS, CFT and S3s...). But all signs seem to point to it only being available via the console.

I'm worried I'm just missing something obvious and I wondered if anyone knew how I could use CloudFormation Template(or at least something automated) to set the default encryption of an S3 Bucket to SSE-S3 or SSE-KMS?

标签： amazon-web-services encryption amazon-s3 amazon-cloudformation

1条回答

疯言疯语

2楼-- · 2019-02-16 07:48

AWS added this feature on January 24th, 2018:

Use the BucketEncryption property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS-managed Keys (SSE-KMS) bucket.

JSON

{
  "Resources": {
    "MyBucket": {
      "Type" : "AWS::S3::Bucket",
      "Properties" : {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
              }
            }
          ]
        }
      }
    }
  }
}

YAML

Resources:
  MyBucket:
    Type: "AWS::S3::Bucket"
    Properties: 
      BucketEncryption: 
        ServerSideEncryptionConfiguration: 
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html

0人赞添加讨论(0) 举报

How do you set SSE-S3 or SSE-KMS encryption on S3

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间