Complete the code to enable server-side encryption with Amazon S3-managed keys.
bucket = s3.Bucket('my-bucket')
bucket.put_object(Key='file.txt', Body=data, ServerSideEncryption='[1]')
Using AES256 enables server-side encryption with Amazon S3-managed keys.
Complete the code to enable server-side encryption with AWS KMS-managed keys.
bucket = s3.Bucket('my-bucket')
bucket.put_object(Key='file.txt', Body=data, ServerSideEncryption='[1]')
Using aws:kms enables server-side encryption with AWS KMS-managed keys.
Fix the error in the bucket policy to require server-side encryption with AWS KMS.
"Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "[1]"}}
The policy must check for aws:kms to enforce KMS encryption.
Fill both blanks to configure bucket default encryption with AWS KMS and specify the key ID.
bucket_encryption = {
    'ServerSideEncryptionConfiguration': [
        {
            'ServerSideEncryptionByDefault': {
                'SSEAlgorithm': '[1]',
                'KMSMasterKeyID': '[2]'
            }
        }
    ]
}
Use aws:kms for the algorithm and provide the KMS key ID string.
Fill the blanks to create a bucket policy that denies uploads without server-side encryption using AES256 or AWS KMS.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnEncryptedObjectUploads",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": ["[1]", "[2]"]
        }
      }
    }
  ]
}
The policy denies uploads unless the encryption is either AES256 or aws:kms.