Practicing Encryption in Amazon S3

In this lesson, we explored server-side encryption options in Amazon S3 by creating a bucket, enabling encryption, and testing different encryption mechanisms.


1. Creating an Encrypted S3 Bucket

We started by creating an S3 bucket named demo-encryption-stephane-v2. During the setup, Amazon S3 offers three options for server-side encryption:

  1. SSE-S3 – Encryption using Amazon S3-managed keys.
  2. SSE-KMS – Encryption using AWS Key Management Service (KMS) keys.
  3. DSSE-KMS – A dual-layer encryption mechanism on top of SSE-KMS.

For this demonstration, SSE-S3 was selected as the default encryption.


2. Uploading an Encrypted Object

To verify encryption, we:

  1. Uploaded a file (coffee.jpg) to the S3 bucket.
  2. Checked its server-side encryption settings.
  3. Confirmed that it was encrypted with SSE-S3 (Amazon S3-managed keys).
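
The verification above as an added example in Python with boto3 (not part of the original lesson): it builds the default-encryption rule for each of the three options and compares every object's reported encryption with the bucket default. The object report.pdf, the key placeholder and the function names are assumptions, and the sample responses are constructed.

```python
# Added example: check S3 server-side encryption from API response dicts.
# Sample responses below are constructed, not captured from a real account.

# ServerSideEncryption values S3 reports for the lesson's three options
SSE_MODES = {"AES256": "SSE-S3", "aws:kms": "SSE-KMS", "aws:kms:dsse": "DSSE-KMS"}


def default_encryption_rule(mode, kms_key_id=None):
    """Build the configuration passed to put_bucket_encryption for one mode."""
    algorithm = {name: value for value, name in SSE_MODES.items()}[mode]
    default = {"SSEAlgorithm": algorithm}
    if kms_key_id is not None:
        if algorithm == "AES256":
            raise ValueError("SSE-S3 uses S3-managed keys; no KMS key applies")
        default["KMSMasterKeyID"] = kms_key_id
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": default}]}


def object_mode(head):
    """Name the encryption of one object from its head_object response."""
    return SSE_MODES.get(head.get("ServerSideEncryption"), "UNKNOWN")


def find_mismatches(config, heads):
    """Return {key: mode} for objects not encrypted with the bucket default."""
    rule = config["Rules"][0]["ApplyServerSideEncryptionByDefault"]
    expected = SSE_MODES[rule["SSEAlgorithm"]]
    return {k: object_mode(h) for k, h in heads.items() if object_mode(h) != expected}


def audit_bucket(bucket):
    """Live version: needs boto3 and AWS credentials; reads the first page of keys only."""
    import boto3
    s3 = boto3.client("s3")
    config = s3.get_bucket_encryption(Bucket=bucket)["ServerSideEncryptionConfiguration"]
    keys = [o["Key"] for o in s3.list_objects_v2(Bucket=bucket).get("Contents", [])]
    heads = {k: s3.head_object(Bucket=bucket, Key=k) for k in keys}
    return find_mismatches(config, heads)


# Constructed sample: coffee.jpg as in the lesson, plus a hypothetical second object
SAMPLE_HEADS = {
    "coffee.jpg": {"ServerSideEncryption": "AES256"},
    "report.pdf": {"ServerSideEncryption": "aws:kms", "SSEKMSKeyId": "EXAMPLE-KEY-ARN"},
}

if __name__ == "__main__":
    print(find_mismatches(default_encryption_rule("SSE-S3"), SAMPLE_HEADS))
```

An object whose head_object response carries no ServerSideEncryption field is reported as UNKNOWN rather than assumed encrypted.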

3. Changing the Encryption Method