Amazon_S3_23

Ensure S3 Bucket Default Encryption is enabled

Description

Checks whether default encryption is enabled at the bucket level so that all objects are automatically encrypted when stored in Amazon S3. S3 objects are encrypted during the upload process using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). Default encryption protects your S3 data at the bucket level instead of the object level, shielding it from attackers or unauthorized personnel.
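The check described above, as an added example (not this rule's own implementation): it classifies `GetBucketEncryption` results in the shape boto3 exposes, including the error S3 returns when a bucket has no default encryption. The bucket names, account ID and key ARN in the sample are constructed, and `evaluate` and `audit` are hypothetical helper names.

```python
# Algorithm values for the two encryption types this page names.
PAGE_ALGORITHMS = {"AES256": "SSE-S3", "aws:kms": "SSE-KMS"}
NOT_CONFIGURED = "ServerSideEncryptionConfigurationNotFoundError"


def evaluate(bucket, response):
    """Classify one bucket; response is a success body or {"Error": {"Code": ...}}."""
    error = response.get("Error", {}).get("Code")
    if error == NOT_CONFIGURED:
        return {"bucket": bucket, "status": "FAIL", "detail": "no default encryption"}
    if error:
        # e.g. AccessDenied: the check could not run, which is not a pass.
        return {"bucket": bucket, "status": "ERROR", "detail": error}
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo = default.get("SSEAlgorithm")
        if algo in PAGE_ALGORITHMS:
            detail = PAGE_ALGORITHMS[algo]
            if algo == "aws:kms":
                # Without KMSMasterKeyID, S3 uses the AWS managed key aws/s3.
                detail += " key=" + default.get("KMSMasterKeyID", "aws/s3 (AWS managed)")
            return {"bucket": bucket, "status": "PASS", "detail": detail}
    return {"bucket": bucket, "status": "FAIL", "detail": "no recognised default rule"}


def audit(responses):
    """Evaluate every bucket, sorted by name for stable report output."""
    return [evaluate(name, resp) for name, resp in sorted(responses.items())]


# Constructed sample input: bucket names, account ID and key ARN are made up.
SAMPLE = {
    "logs-example": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    "finance-example": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms",
            "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}}]}},
    "legacy-example": {"Error": {"Code": NOT_CONFIGURED}},
    "locked-example": {"Error": {"Code": "AccessDenied"}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("{status:5} {bucket:16} {detail}".format(**finding))
```

An `ERROR` result means the bucket's state is unknown, so it should be followed up rather than counted as compliant.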

Remediation

Perform the following steps to enable default encryption:

  1. Sign in to the AWS Management Console.
  2. Go to the S3 dashboard at https://console.aws.amazon.com/s3/.
  3. Click on the name (link) of the S3 bucket that you want to configure.
  4. Select the Properties tab from the S3 dashboard top menu and click the Edit button under Default encryption.
  5. To enable or disable server-side encryption, choose Enable or Disable.

Service

S3

Severity

High

Compliance

Mapping
