Hello.
If you set that bucket policy, uploading will fail if the encryption setting is other than KMS when using PutObject.
In other words, the upload with the command below will fail.
aws s3api put-object --bucket s3-test --key test.txt --body test.txt --server-side-encryption AES256
Basically, if no option is specified, the default encryption set on the S3 bucket will be used, so I don't think there is much need to worry about the bucket policy.
For example, if you set the encryption method as an option as shown above, I think it is a valid bucket policy.
https://repost.aws/knowledge-center/s3-aws-kms-default-encryption
Please update the resource on the policy to include the splat as you have omitted it.
arn:aws:s3:::DOC-EXAMPLE-BUCKET1/*
Other than that, are you sure it's not "enforce encryption of data in transit", as this is another Macie finding?
https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
Thank you so much for your help! I intended to include the splat in the bucket policy so this was just an error on my part when posting the question.
Thank you so much for your help!
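Added example, not part of the original thread: a small Python check for the two points raised in the answers, namely that a Deny on s3:PutObject only takes effect when its Resource covers object ARNs (the trailing /*), and that an upload sending AES256 is then refused while aws:kms passes. The policy is constructed for illustration (the asker's policy is not shown on the page), the function names are hypothetical, and only requests that send an explicit encryption header are modelled.

```python
import fnmatch

BUCKET = "DOC-EXAMPLE-BUCKET1"
SSE_KEY = "s3:x-amz-server-side-encryption"

def make_policy(resource):
    # Constructed policy: deny uploads whose SSE header is not aws:kms.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyNonKmsUploads",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": resource,
        "Condition": {"StringNotEquals": {SSE_KEY: "aws:kms"}},
    }]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def put_object_denied(policy, bucket, key, sse_header):
    """True if a Deny statement matches a PutObject that sends sse_header.

    Simplified model: exact action names, '*'/'?' wildcards in Resource,
    StringNotEquals only, and the header is always present in the request.
    """
    object_arn = f"arn:aws:s3:::{bucket}/{key}"
    for st in policy["Statement"]:
        if st["Effect"] != "Deny" or "s3:PutObject" not in as_list(st["Action"]):
            continue
        # PutObject is evaluated against the object ARN, not the bucket ARN.
        if not any(fnmatch.fnmatchcase(object_arn, r) for r in as_list(st["Resource"])):
            continue
        if sse_header not in as_list(st["Condition"]["StringNotEquals"][SSE_KEY]):
            return True
    return False

def lint_resources(policy):
    """Return (Sid, Resource) pairs where an s3:PutObject statement names only the bucket."""
    findings = []
    for st in policy["Statement"]:
        if "s3:PutObject" in as_list(st["Action"]):
            for r in as_list(st["Resource"]):
                if "/" not in r.split(":::", 1)[-1]:
                    findings.append((st.get("Sid", "?"), r))
    return findings

if __name__ == "__main__":
    for res in (f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"):
        p = make_policy(res)
        print(res, put_object_denied(p, BUCKET, "test.txt", "AES256"), lint_resources(p))
```

With the bucket-only ARN the Deny never matches an upload, so the policy enforces nothing; the lint function reports that statement.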