S3Express: Amazon S3 Command Line Utility

Amazon S3 command line utility for Windows. Copy, query, backup multiple files to S3 using the Windows command line.

S3Express FAQ and Knowledge Base
Main Page > Browse Categories > Security Considerations > Enforcing server-side encryption for all uploads to a bucket

Enforcing server-side encryption for all uploads to a bucket

Amazon S3 supports bucket policy that you can use if you require server-side encryption for all objects that are stored in your bucket. For example, the following bucket policy denies upload object (s3:PutObject) permission to everyone if the request does not include the x-amz-server-side-encryption header requesting server-side encryption.

{
   "Version":"2012-10-17",
   "Id":"PutObjPolicy",
   "Statement":[{
         "Sid":"DenyUnEncryptedObjectUploads",
         "Effect":"Deny",
         "Principal":{
            "AWS":"*"
         },
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::YourBucket/*",
         "Condition":{
            "StringNotEquals":{
               "s3:x-amz-server-side-encryption":"AES256"
            }
         }
      }
   ]
}

In S3Express, the x-amz-server-side-encryption header is added by using the -e flag of the PUT command.


User Comments
 Add Comment 
There are no user comments for this topic.
Add Comment
Related
 Connection security (HTTPs)
 How to make a backup to S3 more secure using encryption
 Enforcing 'private access only' for all objects in a bucket
 Restricting access to a S3 bucket to specific IP addresses
Attachments
No attachments

Did this help you?
Yes No

Statistics
53% found this information useful

Other Options
Printable Version

Download
Download S3Express

S3Express Manual
 HTML   PDF
 A printable version of the entire FAQ and Knowledge Base is also available.
 For further queries, please contact us by e-mail at support@s3express.com