AWS

How to enable encryption on objects in an S3 bucket?

Security is one of the crucial aspects about, meaning you will only store your data online on storage providers like Google, Dropbox or Amazon. In the case of Amazon, its “Amazon S3” service available on “Amazon Web Services (aws)” does provide encryption on the data stored inside “S3 bucket“. Moreover, we are going to learn about “encryption on objects in an S3 bucket”.

Question: What kind of “encryption” we are talking about here?

Answer: We are talking about “server-side encryption“. In this, the files (objects) stored are going to be encrypted by “Amazon” and if somehow stolen, can only be decrypted using the amazon’s key. This is known as “Encryption at Rest“.

Before going further, please read -> How to Create an S3 Bucket

Step 1: Create an S3 bucket

We are going to create a bucket with a name “practice-geekylane“.

Open the practive geekylane bucket to access files
Open the “practive-geekylane” bucket to access files

After creating the bucket, check that whether the encryption is enabled by default on it or not.

As we can see from the picture below, by default no encryption is enabled on an S3 bucket’s objects.

In our case, we are going to enable encryption on an “object = GL logo.jpg” stored in the “bucket = practice-geekylane“.

Currently the GL logo jpg file is not encrypted
Currently the “GL logo.jpg” file is not encrypted

From below, we can confirm that it is saying “Encryption = None” which means no encryption.

Click on encryption to change the encryption for file inside an S3 bucket
Click on encryption to change the encryption for file inside an S3 bucket

Step 2: Enable Encryption

In this step, click on the “Encryption” highlighted in the “Step 1“, you will be seeing something like shown below.

On this window, select the “AES-256” which is “Amazon S3 server-side encryption“.

After that, click on the “Save” icon to save the changes made.

Select AES 256 as encryption for the object server side
Select “AES 256” as encryption for the object server side

It will ask you for a confirmation, as shown below click on the “Change” icon in order to change the encryption type.

Confirmation message click on change
Confirmation message click on “Change

After that, you will be seeing something like shown below, it is a message informing that the changes are successfully made.

A success message
A success message

Step 3: Check the Encryption on objects stored in an S3 bucket

From the screenshot below, we can see that now the “object = GL logo.jpg” now have encryption enabled on it, and it is of AES-256 type.

The GL logo jpg is now encrypted with AES 256
The “GL logo.jpg” is now encrypted with “AES 256

More on Amazon S3:

More on AWS:

Comment here