By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

S3 Default Encryption, and individual object encryption settings

0

Greetings,

I need some verification on S3 encryption. We have multiple buckets that have default encryption enabled, however when inspecting the individual objects within these buckets, they say server side encryption is disabled, and they have to be manually toggled.

Does this effectively mean the default encryption is doing nothing, or is the encryption setting on the individual objects an extra layer of encryption?

The end goal is to have all of our objects encrypted at rest. But it's confusing as to whether or not that's happening.

Thanks!

Topics
StorageSecurity, Identity, & Compliance
Tags
Amazon Simple Storage ServiceSecurity, Identity, & ComplianceEncryption
Language
English
profile picture
kyager
asked a year ago383 views
2 Answers
1
Accepted Answer

Hi Kyager,

Default bucket encryption doesn't change the encryption settings of existing object, only newly updated ones.

Could be that the objects you are looking at were existing before the setting was applied. https://aws.amazon.com/blogs/storage/encrypting-existing-amazon-s3-objects-with-the-aws-cli/

profile picture
EXPERT
Antonio_Lagrotteria
answered a year ago
profile pictureAWS
EXPERT
Tushar_J
reviewed a year ago
1

Were these objects uploaded before enabling encryption? Existing objects are not encrypted.

https://aws.amazon.com/blogs/storage/encrypting-existing-amazon-s3-objects-with-the-aws-cli/

profile pictureAWS
ABitnar
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content