
Enabling S3 Encryption-at-rest on a go-forward basis with s3fs



We have some buckets (have been around for a while, approx 200GB+ data) and we want to turn on encryption-at-rest using SSE-S3 (the most "transparent" way).

The S3 buckets are mounted to our Linux VMs using S3FS, which has support for this (seems fairly transparent).

So, it seems like the way this works is that you can only enable this on files on a go-forward basis, so the older files that already exist will not be encrypted-at-rest (which is ok, we can backfill this later).

Has anybody tried to do this before using this combo? If we mount the bucket using s3fs with -o use_sse option, what will happen as the files will be half-and-half?

Will it "just work"? s3fs will be mounted with -o use_sse and it will be able to handle files that are BOTH the old way (not encrypted-at-rest) and the newer files (encrypted-at-rest) ... we can then start backfilling the older files and we have time. Or will this fail catastrophically the minute we mount the S3 bucket? :(

Is the solution to just start a new bucket and do the SSE-S3 and then just start moving the files over? (We have done this before, in terms of having code in our application check for a file in multiple buckets before giving up.)

Of course, we will test all this stuff; just wanted to ask a quick question in case we are worried about this too much, and whether this is a "no big deal" or a "be very careful".


1 Answer

Initial testing seems to indicate that SSE-S3 is really transparent and S3FS does not even need to be configured differently (no need for -o use_sse). S3FS can handle both encrypted and non-encrypted files (same bucket) with no problems.

answered a month ago
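
The backfill the question plans, sketched as an added example (not code from the original post or from s3fs): it audits which objects lack server-side encryption and copies those onto themselves with SSE-S3. `FakeS3` and the sample keys are constructed so it runs offline; `list_objects_v2`, `head_object` and `copy_object` are the real boto3 S3 client methods.

```python
MAX_COPY_BYTES = 5 * 1024**3  # a single CopyObject call handles objects up to 5 GB

def classify(head):
    """Map a HeadObject response to 'encrypted', 'backfill' or 'too_large'."""
    if head.get("ServerSideEncryption"):      # e.g. 'AES256' or 'aws:kms' when set
        return "encrypted"
    if head["ContentLength"] > MAX_COPY_BYTES:
        return "too_large"                    # needs a multipart copy instead
    return "backfill"

def audit(s3, bucket, prefix=""):
    """Return {key: status} for every object under prefix."""
    report = {}
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket, Prefix=prefix):
        for obj in page.get("Contents", []):
            head = s3.head_object(Bucket=bucket, Key=obj["Key"])
            report[obj["Key"]] = classify(head)
    return report

def backfill(s3, bucket, report, dry_run=True):
    """Copy each unencrypted object onto itself with SSE-S3; return the keys selected."""
    todo = sorted(k for k, status in report.items() if status == "backfill")
    if not dry_run:
        for key in todo:
            s3.copy_object(Bucket=bucket, Key=key,
                           CopySource={"Bucket": bucket, "Key": key},
                           ServerSideEncryption="AES256",  # SSE-S3
                           MetadataDirective="COPY")       # keep user metadata as stored
    return todo

class FakeS3:
    """Constructed in-memory stand-in for boto3.client('s3'), for offline runs."""
    def __init__(self, objects):
        self.objects = objects                   # key -> HeadObject-like dict
    def get_paginator(self, _name):
        return self
    def paginate(self, Bucket, Prefix=""):
        keys = [k for k in sorted(self.objects) if k.startswith(Prefix)]
        for i in range(0, len(keys), 2):         # two keys per page
            yield {"Contents": [{"Key": k} for k in keys[i:i + 2]]}
    def head_object(self, Bucket, Key):
        return self.objects[Key]
    def copy_object(self, Bucket, Key, CopySource, ServerSideEncryption, MetadataDirective):
        self.objects[Key]["ServerSideEncryption"] = ServerSideEncryption

def sample_bucket():  # constructed half-and-half bucket, as in the question
    return FakeS3({"old/a.dat": {"ContentLength": 1024},
                   "old/huge.bin": {"ContentLength": 6 * 1024**3},
                   "new/b.dat": {"ContentLength": 2048, "ServerSideEncryption": "AES256"}})
```

Against a real bucket, pass `boto3.client("s3")` in place of `FakeS3` and review the dry-run list before setting `dry_run=False`. On a versioned bucket the copy creates a new encrypted version and the earlier unencrypted versions remain until they are expired or deleted.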
