2 Respostas
- Mais recentes
- Mais votos
- Mais comentários
0
I tried to get an sse-s3 encrypted file over public and it works so yeah I guess it provide encryption/decryption for anyone has access to the objects
respondido há 2 anos
0
Hello,
With SSE-S3 the encryption is managed by S3 service. When you upload an object with SSE-S3, the S3 service will encrypt the object with AES-256 cipher before it is stored on the disks. The S3 service manages the keys. Please check out below for details & examples:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/specifying-s3-encryption.html https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
One can optionally set this at bucket level by going to Bucket -> Properties -> Edit Encryption in AWS Console.
respondido há 2 anos
Conteúdo relevante
AWS OFICIALAtualizada há 3 anos- AWS OFICIALAtualizada há 8 meses
I know and I read the doc but my question specifically is: Do see-s3 encrypt/decrypt objects data in behalf of other accounts if I grant those accounts the basic bucket permission. Because kms AWS managed keys do only accept encrypt/decrypt for service principal in behalf of the same account users. I read the whole doc but not clear like many other things I did submit feedback for and unfortunately can not try it in free tier I am not willing to create another account so I can not try it through handson Thanks alot for your answer