Please enable JavaScript.

Coggle requires JavaScript to display documents.

14.148: S3 encryption - Coggle Diagram

- - - - Handle, managed, owned by AWS
      - AES-256
      - Must set header: "x-amz-server-side-encryption": "AES256"
      - Default enable for new Bucket/Objects
    - - Handle and managed in AWS KMS
      - User control + audit key usage using CloudTrail
      - Must set header: "x-amz-server-side-encryption": "aws:kms"
      - Limitation
        
        Impacted by KMS limit
        
        When you download, it call Decrypt KMS API
        
        Count towards the KMS quote per sec
        
        Can request a quota increase using Service Quotas Console
    - - Managed by the customer outside of AWS
      - AWS S3 NOT store the encrypt key you provide
      - HTTPS must be used
      - Encryption key must provided in HTTP headers, for every HTTP request made