How do you set SSE-S3 or SSE-KMS encryption on S3 buckets using Cloud Formation Template?

前端未结

关注

 3  932

耶瑟儿～ 2020-12-16 10:20

I\'m trying to use a CloudFormation Template to spin up an S3 Bucket in AWS. One of the requirements for this project is that the bucket be encrypted in place. I\'ve been

3条回答

小蘑菇 (楼主)

2020-12-16 10:53

AWS added this feature on January 24th, 2018:

Use the BucketEncryption property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS-managed Keys (SSE-KMS) bucket.

JSON

{
  "Resources": {
    "MyBucket": {
      "Type" : "AWS::S3::Bucket",
      "Properties" : {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
              }
            }
          ]
        }
      }
    }
  }
}

YAML

Resources:
  MyBucket:
    Type: "AWS::S3::Bucket"
    Properties: 
      BucketEncryption: 
        ServerSideEncryptionConfiguration: 
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html

0 讨论(0)

查看其它3个回答