
Use Case for S3 Buckets should use encryption


AWS S3 Bucket Encryption

Why Use This Policy?

This policy ensures that your S3 buckets have server-side encryption enabled, providing an additional layer of security for your data. Encrypting data at rest helps protect against unauthorized access and data breaches. This policy identifies buckets without default encryption and highlights potential security risks.

Pros and Cons

Pros:

  • Enhances data security by ensuring encryption
  • Helps comply with security standards and regulations
  • Reduces the risk of data breaches

Cons:

  • May incur additional costs for encryption
  • Potential performance impact during encryption and decryption processes

How It Works

The policy checks each S3 bucket's server-side encryption configuration. It looks for a server-side encryption rule and verifies that the rule specifies an encryption algorithm. A violation is raised if no encryption rule is found or if the rule does not specify an algorithm.
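The evaluation described above, written out as an added example (this is illustrative code, not the policy engine's own implementation). It takes the configuration dict shape returned by boto3's `get_bucket_encryption()` and applies the two checks in order: is there a server-side encryption rule, and does that rule name an algorithm. The bucket names, the KMS key ARN and the configurations in `SAMPLE_BUCKETS` are constructed; `fetch_bucket_encryption` is an assumed boto3 usage for live accounts and is not exercised offline.

```python
# Added example (not the policy engine's own code): evaluates the
# default-encryption configuration of S3 buckets the way the policy
# described above does. The dict shape is the one returned by boto3's
# S3 get_bucket_encryption(); bucket names and contents below are constructed.

DEFAULT_ENCRYPTION_DISABLED = "DEFAULT_ENCRYPTION_DISABLED"


def find_encryption_rule(config):
    """Return the first rule that carries an ApplyServerSideEncryptionByDefault
    block, or None when the bucket has no usable rule.

    `config` is the response dict of get_bucket_encryption(). None models a
    bucket with no encryption configuration at all (the API raises
    ServerSideEncryptionConfigurationNotFoundError for those).
    """
    if not config:
        return None
    rules = config.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        if "ApplyServerSideEncryptionByDefault" in rule:
            return rule
    return None


def evaluate_bucket(config):
    """Return the list of violation type IDs for one bucket; [] means compliant."""
    rule = find_encryption_rule(config)
    if rule is None:
        # Check 1: no server-side encryption rule at all.
        return [DEFAULT_ENCRYPTION_DISABLED]
    algorithm = rule["ApplyServerSideEncryptionByDefault"].get("SSEAlgorithm")
    if not algorithm:
        # Check 2: a rule exists but names no algorithm, so nothing is applied by default.
        return [DEFAULT_ENCRYPTION_DISABLED]
    return []


def evaluate_buckets(buckets):
    """buckets: {bucket_name: config}. Returns only the non-compliant buckets."""
    findings = {}
    for name, config in buckets.items():
        violations = evaluate_bucket(config)
        if violations:
            findings[name] = violations
    return findings


def fetch_bucket_encryption(s3_client, bucket_name):
    """Live-account helper (assumed boto3 usage): returns the configuration dict,
    or None when the bucket has no default encryption configured."""
    from botocore.exceptions import ClientError  # imported lazily; only needed online
    try:
        return s3_client.get_bucket_encryption(Bucket=bucket_name)
    except ClientError as err:
        if err.response["Error"]["Code"] == "ServerSideEncryptionConfigurationNotFoundError":
            return None
        raise


# Constructed sample inventory (hypothetical bucket names, not real account data).
SAMPLE_BUCKETS = {
    "app-assets-sse-s3": {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]
        }
    },
    "audit-logs-kms": {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "aws:kms",
                    "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
                },
                "BucketKeyEnabled": True,
            }]
        }
    },
    "legacy-no-config": None,
    "rule-without-algorithm": {
        "ServerSideEncryptionConfiguration": {
            "Rules": [{"ApplyServerSideEncryptionByDefault": {}}]
        }
    },
}


if __name__ == "__main__":
    for bucket, violations in evaluate_buckets(SAMPLE_BUCKETS).items():
        print(f"{bucket}: {', '.join(violations)}")
    # legacy-no-config: DEFAULT_ENCRYPTION_DISABLED
    # rule-without-algorithm: DEFAULT_ENCRYPTION_DISABLED
```

Two caveats when reading the results: since January 2023 AWS applies SSE-S3 (AES256) default encryption to every new bucket, so the "no configuration" case is mostly seen on older buckets or ones where the configuration was explicitly deleted; and the check covers only the bucket's default for new uploads, not whether objects written before the rule was set are encrypted.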

Variables and Defaults

  • ServerSideEncryptionRule: The rule that defines the encryption settings. Default is null.

Violation Type IDs

  • DEFAULT_ENCRYPTION_DISABLED: Triggered when default encryption is not enabled for the bucket.