Overview of S3 Encryption Mechanisms

Server-Side Encryption with S3 Managed Keys (SSE-S3)

  • Requires minimal configuration
  • Encryption keys are managed by AWS
  • All you need to do is upload your data, and S3 handles all other aspects

Server-Side Encryption with KMS Managed Keys (SSE-KMS)

  • Allows S3 to use the Key Management Service to generate data encryption keys
  • Gives greater flexibility of key management: disable, rotate, and apply access controls to the CMK

Server-Side Encryption with Customer Provided Keys (SSE-C)

  • Gives you the opportunity to provide your own master keys
  • Your customer-provided key is sent with your data to S3, where S3 then performs the encryption for you

Client-Side Encryption with KMS (CSE-KMS)

  • Uses the Key Management Service to generate data encryption keys
  • KMS is called by the client, not by S3
  • Encryption takes place client-side, and the encrypted data is then sent to S3

Client-Side Encryption with Customer Provided Keys (CSE-C)

  • You are able to use your own provided keys
  • Use an AWS SDK client to encrypt your data before sending it to S3 for storage
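
The three server-side options above (S3-managed keys, KMS-generated keys, customer-provided keys) are selected per request through S3's `x-amz-server-side-encryption*` headers. The sketch below is an added example, not code from the original post: it builds those headers for each option and classifies which option a response reports. The function names, the key alias and the sample key are constructed for illustration.

```python
import base64
import hashlib

def sse_put_headers(mode, kms_key_id=None, customer_key=None):
    """Return the PutObject request headers that select a server-side mode."""
    if mode == "SSE-S3":
        # S3 creates and manages the key; nothing else to supply.
        return {"x-amz-server-side-encryption": "AES256"}
    if mode == "SSE-KMS":
        headers = {"x-amz-server-side-encryption": "aws:kms"}
        if kms_key_id:  # omit to fall back to the AWS managed key for S3
            headers["x-amz-server-side-encryption-aws-kms-key-id"] = kms_key_id
        return headers
    if mode == "SSE-C":
        if customer_key is None or len(customer_key) != 32:
            raise ValueError("SSE-C needs a 256-bit (32-byte) key")
        # The raw key travels with every request (TLS is mandatory for SSE-C);
        # S3 uses it for the operation and does not store it. The MD5 is an
        # integrity check on the key, not a security control.
        b64 = lambda raw: base64.b64encode(raw).decode("ascii")
        return {
            "x-amz-server-side-encryption-customer-algorithm": "AES256",
            "x-amz-server-side-encryption-customer-key": b64(customer_key),
            "x-amz-server-side-encryption-customer-key-MD5":
                b64(hashlib.md5(customer_key).digest()),
        }
    raise ValueError(f"unknown server-side mode: {mode}")

def classify_sse(response_headers):
    """Name the server-side mode reported in PutObject/HeadObject headers."""
    h = {k.lower(): v for k, v in response_headers.items()}
    if "x-amz-server-side-encryption-customer-algorithm" in h:
        return "SSE-C"
    reported = h.get("x-amz-server-side-encryption")
    if reported == "aws:kms":
        return "SSE-KMS"
    if reported == "AES256":
        return "SSE-S3"
    return "none-reported"

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key, never reuse
    for mode, kwargs in [("SSE-S3", {}),
                         ("SSE-KMS", {"kms_key_id": "alias/example-key"}),
                         ("SSE-C", {"customer_key": demo_key})]:
        hdrs = sse_put_headers(mode, **kwargs)
        print(mode, sorted(hdrs), "->", classify_sse(hdrs))
```

With the two client-side options, the object is already ciphertext when it reaches S3, so these headers describe only whatever server-side encryption is applied on top of it.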
Nadtakan Futhoem — Sr. Software Engineer
