How to enable AWS managed key (aws/s3) as an AWS KMS key in S3 encryption

Time:02-14

How can I enable the AWS managed key (aws/s3) as an AWS KMS key in S3 encryption using CloudFormation? I have the following code, but I'm not sure if I should pass the key as an ARN.

MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
              KMSMasterKeyID: !GetAtt ARN?
      VersioningConfiguration:
        Status: Enabled

CodePudding user response:

You can use server-side encryption with S3-managed keys (SSE-S3) by modifying the Amazon S3 Bucket ServerSideEncryptionByDefault property to specify AES256 for SSEAlgorithm.

MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256 
      VersioningConfiguration:
        Status: Enabled
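
For the case the question asks about, the following is an added example and not part of the original posts: a template that keeps SSEAlgorithm as aws:kms and leaves KMSMasterKeyID out, in which case S3 encrypts with the AWS managed key (aws/s3). The MyBucketPolicy resource and its Sid are hypothetical names introduced here; the policy rejects uploads that explicitly request any encryption mode other than aws:kms.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - default SSE-KMS using the AWS managed key (aws/s3)

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      # BucketName omitted (assumption): CloudFormation generates a unique name.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
              # No KMSMasterKeyID here: with aws:kms and no key specified,
              # S3 uses the AWS managed key (aws/s3) for this account and region.
      VersioningConfiguration:
        Status: Enabled

  # Hypothetical companion resource (not in the original posts).
  # Default encryption only applies when the request carries no encryption
  # header, so this denies PutObject calls that set the header to anything
  # other than aws:kms (for example AES256).
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyNonKmsEncryptionHeader
            Effect: Deny
            Principal: "*"
            Action: s3:PutObject
            Resource: !Sub "${MyBucket.Arn}/*"
            Condition:
              # Both conditions must hold: the header is present AND is not aws:kms.
              "Null":
                "s3:x-amz-server-side-encryption": "false"
              StringNotEquals:
                "s3:x-amz-server-side-encryption": "aws:kms"
```

The key policy of aws/s3 is managed by AWS and cannot be edited, so principals in other accounts cannot be granted decrypt access to objects encrypted with it; that case needs a customer managed key supplied as KMSMasterKeyID.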