S3 Server-side Encryption

  • SSE-S3 requires that S3 manages the data and the encryption keys:

    • Encrypts the key itself with a master key that it regularly rotates.

    • Uses one of the strongest block ciphers available, AES-256, to encrypt your data.

  • SSE-C requires that the customer manages the encryption keys.

  • SSE-KMS requires that AWS manages the data key but the customer manages the CMK in KMS.

PreviousCloudTrail EncryptionNextEnvelope Encryption

Last updated