By using AWS re:Post, you agree to the Terms of Use
/Enabling S3 Encryption-at-rest on a go-forward basis with s3fs/

Enabling S3 Encryption-at-rest on a go-forward basis with s3fs

0

Hi,

We have some buckets (have been around for a while, approx 200GB+ data) and we want to turn on encryption-at-rest using SSE-S3 (the most "transparent" way) https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html

The S3 buckets are mounted to our Linux VMs using S3FS https://github.com/s3fs-fuse/s3fs-fuse which has support for this (seems fairly transparent)

So, it seems like the way this works is that you can only enable this on files on a go-forward basis so the older files that already exist will not be in encrypted-at-rest (which is ok, we can backfill this later)

Has anybody tried to do this before using this combo? If we mount the bucket using s3fs with -o use_sse option, what will happen as the files will be half-and-half?

Will it "just work"? s3fs will be mounted with -o use_sse and it will be able to handle files that are BOTH the old way (not encrypted-at-rest) and the newer files (encrypted-at-rest) ... we can then start backfilling the older files and we have time or will this fail catastrophically the minute we mount the s3 bucket :(

Is the solution to just start a new bucket and do the SSE-S3 and then just start moving the files over (we have done this before in terms of having code in our application check for a file in multiple buckets before giving up)

Of course, we will test all this stuff, just wanted to ask a quick question in case we are worried about this too much and if this is a "no big deal" or "be very careful"

Thanks!

1 Answers
0

Initial testing seems to indicate that SSE-S3 is really transparent and S3FS does not even need to be configured differently (no need for -o use_sse). S3FS can handle both encrypted and non-encrypted files (same bucket) with no problems

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions