S3 Default Encryption override with command line/api call

0

Regarding S3 default encryption. If you have S3 default encryption enabled with KMS CMK and then specify the header option (SSE-S3) when putting an object in S3. Does it not apply the default S3 policy anymore but only uses the options passed in the header ?

1개 답변
0
수락된 답변

S3 doc: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html

After you enable default encryption for a bucket, the following encryption behavior applies:

There is no change to the encryption of the objects that existed in the bucket before default encryption was enabled. When you upload objects after enabling default encryption: If your PUT request headers don't include encryption information, Amazon S3 uses the bucket’s default encryption settings to encrypt the objects. If your PUT request headers include encryption information, Amazon S3 uses the encryption information from the PUT request to encrypt objects before storing them in Amazon S3. If the PUT succeeds, the response is an HTTP/1.1 200 OK with the encryption information in the response headers. For more information, see PUT Object. If you use the SSE-KMS option for your default encryption configuration, you are subject to the RPS (requests per second) limits of AWS KMS. For more information about AWS KMS limits and how to request a limit increase, see AWS KMS limits.

https://docs.aws.amazon.com/kms/latest/developerguide/limits.html

답변함 6년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠