By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to make S3 bucket with CMK public?

0

Team, I have a use case to make an S3 bucket public that is encrypted with Customer Managed Key. For private buckets, we grant the principals access to the Key in KMS service, but how do i grant access to KMS key for all the public users. I tried Principal * and it didn't work. Any suggestions?

Topics
Security, Identity, & ComplianceAWS Well-Architected Framework
Tags
AWS Key Management ServiceAWS Identity and Access ManagementAWS IAM Identity CenterSecurity
Language
English
balajepalli
asked a month ago315 views
1 Answer
1

Accessing to objects encrypted with SSE-KMS requires IAM permission to decrypt. If you need to make the objects completely public, either don't use the default bucket encryption or use SSE-S3.

profile pictureAWS
EXPERT
AWS-User-alantam
answered a month ago
profile picture
EXPERT
Sedat Salman
reviewed a month ago
profile picture
EXPERT
Oleksii Bebych
reviewed a month ago
profile picture
EXPERT
Mikel Del Tio
reviewed a month ago
  • balajepalli
    a month ago

    To be sure, you are saying if i have to make my objects public I can only use SSE-S3, right?

  • AWS-User-alantam EXPERT
    a month ago

    yes, if you want to make the objects publicly available to everyone without authentication.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content