- 필수 기능
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- 디지털 경험
- 소프트웨어 제공
- 보안
- 로그 관리
- 관리
- 인프라스트럭처
- ci
- containers
- csm
- ndm
- otel_guides
- overview
- slos
- synthetics
- tests
- 워크플로
Amazon S3 provides a variety of no-cost or low-cost encryption options to protect data at rest.
Encrypting data at rest reduces the likelihood that it is unintentionally exposed and can nullify the impact of disclosure if the encryption remains unbroken.
Run one of the following commands:
aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration ''{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}''
or:
aws s3api put-bucket-encryption --bucket <bucket name> --server-side-encryption-configuration ''{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms","KMSMasterKeyID": "aws/s3"}}]}''
Note: The KMSMasterKeyID
can be set to the master key of your choosing; aws/s3
is an AWS preconfigured default.
Additional Information: S3 bucket encryption only applies to objects as they are placed in the bucket. Enabling S3 bucket encryption does not encrypt objects previously stored within the bucket.