1 Answer
- Newest
- Most votes
- Most comments
0
Hi,
In general, customer (security team, engineer team) should choose which encryption method to use according to their requests. AWS provides multiple exclusive options, and recommend to ensure your service encrypt at rest, encrypt at transit.
For S3, by default, the encryption is disabled. You can enable it by choosing either Amazon S3-Managed Keys (SSE-S3) or AWS Key Management Service (SSE-KMS). In summary, the former option use the key managed by AWS, which reduce the overhead to configure KMS key. The latter you have the flexibility to create and manage your KMS key.
More details: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html
Thanks,
answered a year ago
Relevant content
- asked 3 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 8 months ago