2 Antworten
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
I tried to get an sse-s3 encrypted file over public and it works so yeah I guess it provide encryption/decryption for anyone has access to the objects
beantwortet vor 2 Jahren
0
Hello,
With SSE-S3 the encryption is managed by S3 service. When you upload an object with SSE-S3, the S3 service will encrypt the object with AES-256 cipher before it is stored on the disks. The S3 service manages the keys. Please check out below for details & examples:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/specifying-s3-encryption.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
One can optionally set this at bucket level by going to Bucket -> Properties -> Edit Encryption in AWS Console.
beantwortet vor 2 Jahren
Relevanter Inhalt
AWS OFFICIALAktualisiert vor 3 Jahren- AWS OFFICIALAktualisiert vor 8 Monaten
- AWS OFFICIALAktualisiert vor einem Jahr
I know and I read the doc but my question specifically is: Do see-s3 encrypt/decrypt objects data in behalf of other accounts if I grant those accounts the basic bucket permission. Because kms AWS managed keys do only accept encrypt/decrypt for service principal in behalf of the same account users. I read the whole doc but not clear like many other things I did submit feedback for and unfortunately can not try it in free tier I am not willing to create another account so I can not try it through handson Thanks alot for your answer