S3

Protecting S3 Data with Encryption

“From the Mailbag” gives us at AWS w/ .NET the opportunity to answer questions from our users. Got a question for us? Ask us here.

Photo by Joanna Kosinska on Unsplash

Question

Our company has an S3 bucket where multiple companies upload CSV files for later processing. Is it possible to require that all files in that bucket be encrypted?

Response

S3 has a lot of flexibility when it comes to encryption. S3 objects can be encrypted client side and then uploaded or objects can be encrypted server side using KMS keys, customer provided keys or S3 keys. In order to enforce that all S3 objects in a bucket are encrypted, use a bucket policy requiring that all object uploads must provide the x-amz-server-side-encryption header. More on the x-amz-server-side-encryption header can be found here: Using Server Side Encryption.