Lab 4-1: S3 Server-side Encryption

PreviousLab 3-2: AWS EC2 with CLI - Lab 2 NextLab 4-2: S3 SSE - Client Provided Keys

Last updated 1 year ago

Lab 4-1: S3 Server-side Encryption

Create S3 Bucket:

Upload file:

Submit screenshot of your S3 bucket with a file stored in it.

Create a Customer Managed Key in KMS:

On the "Key Administrative" page - you need to add the "vocareum" and "vocstartsoft" roles - which are on the second page of listed roles

Again - select "vocareum" and "vocstartsoft" on page 2

Submit screenshot of your KMS key listed in the console:

Use native S3 SSE (S3 Master Key) to protect a file in S3 Bucket

Click Upload to add a file to your S3 Bucket

Expand Properties
Select "Specify and encryption key"
- Override bucket settings
- Select SSE-S3 (this uses AWS's managed key)
Submit: Screenshot showing properties of a file in your S3 bucket that is encrypted with S3 Master Key:

Use native AWS KMS SSE (KMS Master Key) to protect a file in S3 Bucket

Using the mostly the same process as above - upload another file to your S3 Bucket , but this time protect it using the AWS KMS Master Key you created in Step 2

Submit: Screenshot showing properties of a file in your S3 bucket that is encrypted with your AWS KMS key