1 個回答
- 最新
- 最多得票
- 最多評論
0
Hi,
In general, customer (security team, engineer team) should choose which encryption method to use according to their requests. AWS provides multiple exclusive options, and recommend to ensure your service encrypt at rest, encrypt at transit.
For S3, by default, the encryption is disabled. You can enable it by choosing either Amazon S3-Managed Keys (SSE-S3) or AWS Key Management Service (SSE-KMS). In summary, the former option use the key managed by AWS, which reduce the overhead to configure KMS key. The latter you have the flexibility to create and manage your KMS key.
More details: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html
Thanks,
已回答 1 年前
相關內容
- AWS 官方已更新 1 年前