Lab 4-1: S3 Server-side Encryption

Create S3 Bucket:

Upload file:

Submit screenshot of your S3 bucket with a file stored in it.

Create a Customer Managed Key in KMS:

On the "Key Administrative" page - you need to add the "vocareum" and "vocstartsoft" roles - which are on the second page of listed roles

Again - select "vocareum" and "vocstartsoft" on page 2

Submit screenshot of your KMS key listed in the console:

Use native S3 SSE (S3 Master Key) to protect a file in S3 Bucket

Click Upload to add a file to your S3 Bucket

• Expand Properties

• Select "Specify and encryption key"

  • Override bucket settings

  • Select SSE-S3 (this uses AWS's managed key)

  

  

  Submit: Screenshot showing properties of a file in your S3 bucket that is encrypted with S3 Master Key:

Use native AWS KMS SSE (KMS Master Key) to protect a file in S3 Bucket

Using the mostly the same process as above - upload another file to your S3 Bucket , but this time protect it using the AWS KMS Master Key you created in Step 2

Submit: Screenshot showing properties of a file in your S3 bucket that is encrypted with your AWS KMS key