Shulou(Shulou.com)06/02 Report--

AWS S3 uses TLS encryption and decryption by default when uploading and downloading. Where exactly was this configured?

The easiest way is in S3, when we create a new Bucket, we can select the default encryption on the console, as shown below

SSE-S3 or SSE-KMS service encryption can be selected by default. The latter is more secure but comes with some additional costs.

If we didn't make a choice at the time of creation, we can also encrypt it by setting the Bucket Policy. In AWS, all services are APIs, so all settings can be converted into corresponding parameters in the header file. For example, we can disable uploads by disabling requests that do not have encryption parameters in the header file.

specific operation is as follows

In the corresponding bucket, enter Permission - Bucket Policy -Policy Generator at the bottom

basic settings

Type of Policy:S3 Bucket Policy

Effect:Deny

Principal:

AWS Service: Amazon S3

Actions: PutObject

ARN: arn:aws:s3:::XXXXXX

Condition:stringnotequals

key:s3-x-amz-server-side-encryption

value:aws:kms

The generator will automatically generate the following configuration files and copy them to the corresponding editor. Eh, it was actually wrong!

The solution is simple, you need to add a wildcard after the bucket. This should be a bug in AWS.

Just click Save.

Now let's test it.

First upload a file, choose not to encrypt

And it failed.

Upload again, this time select AWS KMS master-key

Upload successful!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.