Paul's Resources

Search

SearchSearch

Lab 4.1 S3 Server-side Encryption

Apr 07, 2024, 1 min read

Lab 4.1: S3 Server-side Encryption

Create S3 Bucket:

Upload file:

Submit screenshot of your S3 bucket with a file stored in it.

Create a Customer Managed Key in KMS:

On the “Key Administrative” page - you need to add the “vocareum” and “vocstartsoft” roles - which are on the second page of listed roles

Again - select “vocareum” and “vocstartsoft” on page 2

Submit screenshot of your KMS key listed in the console:

Use native S3 SSE (S3 Master Key) to protect a file in S3 Bucket

Click Upload to add a file to your S3 Bucket

  • Expand Properties
  • Select “Specify and encryption key”
    • Override bucket settings
    • Select SSE-S3 (this uses AWS’s managed key)

Submit: Screenshot showing properties of a file in your S3 bucket that is encrypted with S3 Master Key:

Use native AWS KMS SSE (KMS Master Key) to protect a file in S3 Bucket

Using the mostly the same process as above - upload another file to your S3 Bucket , but this time protect it using the AWS KMS Master Key you created in Step 2

Submit: Screenshot showing properties of a file in your S3 bucket that is encrypted with your AWS KMS key

Graph View

Backlinks