

Encrypt data in Amazon S3 using server-side encryption

Data security in the cloud is a key priority for any business owner and IT administrator. In most cases, data is protected by traditional username and password authentication, which is gradually being phased out in favor of more robust methods such as biometric authentication. For sensitive data, username and password authentication alone is not strong enough, and encryption is a better way to provide the much-needed confidentiality. In this guide, we will explore how to encrypt data in Amazon S3 using server-side encryption.

What is encryption all about?

Encryption is a way of converting or scrambling information into a form that can only be read by the intended parties. If intruders or unauthorized parties get hold of the data, it is useless to them, since they cannot decipher the information unless they also acquire the decryption key.

AWS provides two encryption techniques for your S3 bucket:

  1. Server-side encryption
  2. Client-side encryption

Let’s take a look at both of these encryption techniques.

Server-side encryption

In server-side encryption, data is protected at rest. Simply put, the encryption and decryption keys reside in the cloud. During upload, S3 encrypts the files and folders written to the bucket. AWS is the only entity that knows which key is associated with the encrypted data, and it performs the encryption using its own algorithms.

S3 server-side encryption doesn’t require you to create or save any keys. It makes use of one of the most robust ciphers available – the 256-bit Advanced Encryption Standard (AES-256).

Client-side encryption

Client-side encryption happens when both the encryption and decryption keys are kept on the client and files are encrypted before being uploaded. Simply put, by the time the server receives the data, it is already encrypted. Perhaps the only drawback of this method is that it requires the user to store the decryption key.

Encrypt data in Amazon S3 using server-side encryption

Let us now look at how you can encrypt data in Amazon S3 using server-side encryption. We assume that you have already created your S3 bucket. In our case, the bucket name is mys3galaxy.

S3 bucket created in AWS

Click on the bucket name and click on the ‘Properties’ tab.

Click on properties tab

Scroll down, locate the ‘Default Encryption’ section and click on the ‘Edit’ button to start making changes.

Next, click on ‘Enable’ and select the ‘Amazon S3 key (SSE-S3)’ option. Finally, click on the ‘Save changes’ button to enable Amazon S3 server-side encryption.

encrypt data in Amazon S3

Shortly after, you will notice a green pop-up notification informing you that encryption was enabled successfully.

S3 bucket encrypted

When you head back and check the Default Encryption section, you’ll notice that server-side encryption has already been enabled.

Amazon S3 encryption enabled

Any files subsequently uploaded to the S3 bucket will now be encrypted using server-side encryption. Thanks for taking the time to read.
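The console steps above correspond to the S3 API calls `put_bucket_encryption` and `get_bucket_encryption`. The following is an added example, not part of the original article: it applies and verifies SSE-S3 through a boto3-style client, then lists objects that predate the setting, since the default covers only subsequent uploads. `FakeS3` and the object names are constructed stand-ins so the code runs offline; with real credentials, pass `boto3.client("s3")` instead.

```python
# Added example, not from the original article. With real credentials pass
# boto3.client("s3"); FakeS3 below is a constructed stand-in for offline runs.
SSE_S3_RULES = {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}

def enable_sse_s3(s3, bucket):
    """API equivalent of Properties > Default Encryption > Enable > SSE-S3."""
    s3.put_bucket_encryption(Bucket=bucket, ServerSideEncryptionConfiguration=SSE_S3_RULES)

def default_algorithm(s3, bucket):
    """Return the bucket's default SSE algorithm as reported by S3."""
    cfg = s3.get_bucket_encryption(Bucket=bucket)["ServerSideEncryptionConfiguration"]
    return cfg["Rules"][0]["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]

def unencrypted_keys(s3, bucket, keys):
    """Keys whose HEAD response carries no ServerSideEncryption field."""
    return [k for k in keys
            if "ServerSideEncryption" not in s3.head_object(Bucket=bucket, Key=k)]

class FakeS3:
    """Constructed in-memory stub that mimics only the calls used above."""
    def __init__(self, objects):
        self.objects = objects      # key -> head_object-style dict
        self.encryption = None      # no default encryption configured yet

    def put_bucket_encryption(self, Bucket, ServerSideEncryptionConfiguration):
        self.encryption = ServerSideEncryptionConfiguration

    def get_bucket_encryption(self, Bucket):
        return {"ServerSideEncryptionConfiguration": self.encryption}

    def head_object(self, Bucket, Key):
        return self.objects[Key]

    def put_object(self, Bucket, Key, Body):
        # The default applies only to objects written after it is set.
        head = {"ContentLength": len(Body)}
        if self.encryption:
            head["ServerSideEncryption"] = "AES256"
        self.objects[Key] = head

def demo():
    s3 = FakeS3({"old-report.csv": {"ContentLength": 10}})  # constructed object
    enable_sse_s3(s3, "mys3galaxy")
    s3.put_object(Bucket="mys3galaxy", Key="new-report.csv", Body=b"data")
    keys = list(s3.objects)
    return default_algorithm(s3, "mys3galaxy"), unencrypted_keys(s3, "mys3galaxy", keys)

if __name__ == "__main__":
    print(demo())
```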

