2 Answers
0
I tried to get an SSE-S3 encrypted file over public and it works, so yeah, I guess it provides encryption/decryption for anyone who has access to the objects.
answered 2 years ago
0
Hello,
With SSE-S3, the encryption is managed by the S3 service. When you upload an object with SSE-S3, the S3 service will encrypt the object with the AES-256 cipher before it is stored on the disks. The S3 service manages the keys. Please check out the links below for details & examples:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/specifying-s3-encryption.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingServerSideEncryption.html
One can optionally set this at bucket level by going to Bucket -> Properties -> Edit Encryption in AWS Console.
answered 2 years ago
I know, and I read the doc, but my question specifically is: does SSE-S3 encrypt/decrypt object data on behalf of other accounts if I grant those accounts the basic bucket permission? Because KMS AWS managed keys only accept encrypt/decrypt for the service principal on behalf of the same account's users. I read the whole doc but it is not clear, like many other things I did submit feedback for, and unfortunately I cannot try it in the free tier. I am not willing to create another account, so I cannot try it hands-on. Thanks a lot for your answer.
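A way to check the cross-account case discussed in this thread, as an added example that is not from either answer: the bucket owner attaches a policy that grants another account `s3:GetObject` and confirms from `HeadObject` how the object is encrypted. The bucket name, account ID and function names are placeholders chosen for illustration; `s3` is assumed to be a boto3 S3 client, and the reading account still needs `s3:GetObject` allowed in its own IAM policy.

```python
import json

SSE_S3 = "AES256"  # value S3 reports in ServerSideEncryption for SSE-S3


def cross_account_read_policy(bucket, reader_account_id):
    """Bucket policy letting another account read objects.

    Only an S3 action appears: SSE-S3 keys are managed by S3, so there is
    no key policy to extend, unlike SSE-KMS where kms:Decrypt is also needed.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CrossAccountRead",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{reader_account_id}:root"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def encryption_mode(s3, bucket, key):
    """Classify an object's server-side encryption from HeadObject."""
    head = s3.head_object(Bucket=bucket, Key=key)
    algo = head.get("ServerSideEncryption")
    if algo == SSE_S3:
        return "SSE-S3"
    if algo in ("aws:kms", "aws:kms:dsse"):
        return "SSE-KMS"  # reader would also need access to the KMS key
    if head.get("SSECustomerAlgorithm"):
        return "SSE-C"
    return "unknown"


def apply_and_check(owner_s3, bucket, key, reader_account_id):
    """As bucket owner: attach the policy, then report the object's mode."""
    policy = cross_account_read_policy(bucket, reader_account_id)
    owner_s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(policy))
    return encryption_mode(owner_s3, bucket, key)


if __name__ == "__main__":
    # Placeholder values; prints the policy document without calling AWS.
    print(json.dumps(cross_account_read_policy("example-bucket", "111122223333"), indent=2))
```

If `apply_and_check` returns `"SSE-KMS"` instead of `"SSE-S3"`, the bucket policy alone is not sufficient for the other account, because the KMS key's own permissions also apply.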