Amazon_S3_20

Ensure Server Side Encryption is enabled for all buckets

Description

Sensitive data demands careful handling, so always enable server-side encryption to protect it from attackers or unauthorized personnel. Amazon S3 encrypts an object before saving it to disk in its data centers and decrypts it when you download the object.

Remediation

Perform the following steps to enable server-side encryption:

  1. Sign in to the AWS Management Console.
  2. Navigate to the S3 dashboard at https://console.aws.amazon.com/s3/.
  3. Select the S3 bucket that you want to configure and click the Properties tab from the dashboard top right menu.
  4. Inside the Properties tab, click Permissions to expand the bucket permissions settings panel.
  5. Click the Edit bucket policy button to edit the bucket policy currently in use. If the selected bucket does not have an access policy defined yet, click Add bucket policy.
  6. In the Bucket Policy Editor dialog box, perform one of the following actions based on your current configuration:
    1. If there is no access policy currently in use, paste the following policy document into the Bucket Policy Editor box, replace the bucket name, i.e. abc-bucket-name, with the name of your own S3 bucket, then click Save. This policy forces the bucket owner and every user with access to the bucket to request Server-Side Encryption for every object uploaded via the Management Console or the AWS API (the first statement rejects uploads whose encryption header has the wrong value, the second rejects uploads that omit the header entirely):

         {
           "Version": "2012-10-17",
           "Id": "PutObjPolicy",
           "Statement": [
             {
               "Sid": "DenyIncorrectEncryptionHeader",
               "Effect": "Deny",
               "Principal": "*",
               "Action": "s3:PutObject",
               "Resource": "arn:aws:s3:::abc-bucket-name/*",
               "Condition": {
                 "StringNotEquals": {
                   "s3:x-amz-server-side-encryption": "AES256"
                 }
               }
             },
             {
               "Sid": "DenyUnEncryptedObjectUploads",
               "Effect": "Deny",
               "Principal": "*",
               "Action": "s3:PutObject",
               "Resource": "arn:aws:s3:::abc-bucket-name/*",
               "Condition": {
                 "Null": {
                   "s3:x-amz-server-side-encryption": "true"
                 }
               }
             }
           ]
         }

    2. If the selected bucket already has an access policy, append the following two statements to the existing ones in the Bucket Policy Editor box (again replacing abc-bucket-name with your bucket name), as shown in the following example:

         {
           "Sid": "DenyIncorrectEncryptionHeader",
           "Effect": "Deny",
           "Principal": "*",
           "Action": "s3:PutObject",
           "Resource": "arn:aws:s3:::abc-bucket-name/*",
           "Condition": {
             "StringNotEquals": {
               "s3:x-amz-server-side-encryption": "AES256"
             }
           }
         },
         {
           "Sid": "DenyUnEncryptedObjectUploads",
           "Effect": "Deny",
           "Principal": "*",
           "Action": "s3:PutObject",
           "Resource": "arn:aws:s3:::abc-bucket-name/*",
           "Condition": {
             "Null": {
               "s3:x-amz-server-side-encryption": "true"
             }
           }
         }
  7. To check the Server-Side Encryption feature implementation, perform the following actions:
    1. Select the SSE-enabled S3 bucket and click the Upload button from the dashboard top menu.
    2. In the Upload – Select Files and Folders dialog box, click Add files to upload a simple text file.
    3. Click Set Details button to set additional details for the object uploaded at the previous step.
    4. On the Set Details page, check the Use Server Side Encryption checkbox, then click Start Upload to upload the file to your bucket. If the file is uploaded to S3 without any errors during the process, Server-Side Encryption has been successfully enabled.
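As an added example that is not part of the original page, the following Python check tests whether a bucket policy document contains both Deny statements from the remediation above for a given bucket, the way an automated audit of this rule would. The policy documents are constructed inline; the bucket names are the page's placeholder abc-bucket-name and a hypothetical my-real-bucket.

```python
import json

# Condition key that the two Deny statements on this page test.
SSE_KEY = "s3:x-amz-server-side-encryption"

# Constructed copy of the page's policy (placeholder bucket name kept).
PAGE_POLICY = """{"Version": "2012-10-17", "Id": "PutObjPolicy", "Statement": [
 {"Sid": "DenyIncorrectEncryptionHeader", "Effect": "Deny", "Principal": "*",
  "Action": "s3:PutObject", "Resource": "arn:aws:s3:::abc-bucket-name/*",
  "Condition": {"StringNotEquals": {"%s": "AES256"}}},
 {"Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*",
  "Action": "s3:PutObject", "Resource": "arn:aws:s3:::abc-bucket-name/*",
  "Condition": {"Null": {"%s": "true"}}}]}""" % (SSE_KEY, SSE_KEY)

# Same policy with the Null statement left out: a wrong header value is
# still refused, but an upload that simply omits the header is not.
HALF_POLICY = json.dumps({"Version": "2012-10-17",
    "Statement": [json.loads(PAGE_POLICY)["Statement"][0]]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _denies_all_puts(stmt, bucket):
    """Deny statement that reaches every principal and every object in bucket."""
    principal = stmt.get("Principal")
    return (
        stmt.get("Effect") == "Deny"
        and (principal == "*" or principal == {"AWS": "*"})
        and any(a in ("s3:PutObject", "s3:*", "*")
                for a in _as_list(stmt.get("Action", [])))
        and any(r in (f"arn:aws:s3:::{bucket}/*", "arn:aws:s3:::*", "*")
                for r in _as_list(stmt.get("Resource", [])))
    )

def sse_enforcement(policy_json, bucket):
    """Return (missing_header_denied, wrong_header_denied) for `bucket`.
    Both must be True for the policy to enforce SSE on every upload."""
    missing = wrong = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if not _denies_all_puts(stmt, bucket):
            continue  # e.g. Resource still names the placeholder bucket
        cond = stmt.get("Condition", {})
        if cond.get("Null", {}).get(SSE_KEY) == "true":
            missing = True
        if SSE_KEY in cond.get("StringNotEquals", {}):
            wrong = True
    return missing, wrong
```

Running the check with PAGE_POLICY against "my-real-bucket" reports (False, False), the result of saving the policy with the placeholder bucket name unchanged. Note that the StringNotEquals statement accepts only the AES256 value, so a client requesting SSE-KMS (aws:kms) is denied as well; widen that condition if KMS keys are in use.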

Service

S3

Severity

Medium

Compliance

Mapping
