Free Assessment

Amazon_S3_25

Ensure S3 Buckets Encrypted with Customer-Provided CMKs

Description

By using Server-Side Encryption with Customer-Provided Keys allows you to set your own encryption keys so that you have full control over you can use these encryption keys to access your Amazon S3 data. AWS Key Management Service (KMS) allows you to easily rotate, disable and audit the Customer Master Keys (CMKs) configured for your Amazon S3 buckets. Amazon S3 will automatically encrypt any new objects with the specified KMS CMK when server-side encryption is configured to use customer-provided keys by default.

Remediation

Perform the following steps to set Customer-Provided Keys (SSE-C):

  1. Sign in to AWS Management Console.
  2. click to S3 dashboard at https://console.aws.amazon.com/s3/.
  3. Click on the name of the S3 bucket that you want to configure.
  4. Select the Properties tab from the S3 dashboard top menu to access the bucket properties.
  5. Click on the Default encryption box, choose AWS-KMS option and select your own AWS KMS Customer Master Key, from Select a key dropdown list. Click Save to apply the changes.

Service

S3

Severity

Medium

Compliance

Mapping

Start Free Trial
Login

CLOSE

We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!

Learn More