Dear AWS Support,
I hope this message finds you well. I have a question regarding the interaction between AWS S3 Lifecycle Configuration and Server-Side Encryption with Customer-Provided Keys (SSE-C).
Typically, when I upload a file to an S3 bucket with a Lifecycle configuration, the AWS console displays the Expiration rule and Expiration date in the object properties, as expected. However, I've noticed that when I use SSE-C for server-side encryption, these fields disappear from the AWS console.
Upon further investigation, it seems that the AWS console utilizes the headObject method to retrieve the Expiration rule and Expiration date, resulting in a 400 response when SSE-C is in use. Surprisingly, when using the getObject method in the Java SDK with the provided key, the corresponding Expiration rule and Expiration date are successfully retrieved.
This discrepancy has left me confused about whether S3 Lifecycle Configuration is fully compatible with SSE-C. If there are any limitations or if SSE-C is not supported in the S3 console, it would be helpful to have a clear message indicating this, similar to the "You cannot use the S3 console to view Expiration rule" (similar to the "Additional checksums" section).
I appreciate your assistance in clarifying this matter and providing guidance on the expected behavior when using S3 Lifecycle Configuration with SSE-C.
Thank you for your attention to this inquiry.
Best regards,
Thien
AWS OFFICIALUpdated 6 months ago
Hello Didier,
I need to make sure both lifecycle and encryption work together. If not, I would consider client-side encryption. can you help me confirm that the S3 storage lifecycle works with server-side encryption (SSE-C) (for example it will expire according to the rules)? and issue in the AWS console is just a bug on the console only? I didn't find any official document about this case.
Regards, Thien