AWS Snowball User Guide
Server-Side Encryption
Enabling SSE-S3 for Data Imported into Amazon S3 from a
Snowball
Use the following procedure in the Amazon S3 Management Console to enable SSE-S3 for data being
imported into Amazon S3. No configuration is necessary in the AWS Snowball Management Console or
on the Snowball device itself.
To enable SSE-S3 encryption for the data that you're importing into Amazon S3, simply update the
bucket policies for all the buckets that you're importing data into. You update the policies to deny
upload object (s3:PutObject) permission if the upload request doesn't include the x-amz-server-
side-encryption header.
To enable SSE-S3 for data imported into Amazon S3
1. Sign in to the AWS Management Console and open the Amazon S3 console at https://
console.aws.amazon.com/s3/.
2. Choose the bucket that you're importing data into from the list of buckets.
3. Choose Permissions.
4. Choose Bucket Policy.
5. In Bucket policy editor, enter the following policy. Replace all the instances of YourBucket in this
policy with the actual name of your bucket.
{
"Version": "2012-10-17",
"Id": "PutObjPolicy",
"Statement": [
{
"Sid": "DenyIncorrectEncryptionHeader",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::YourBucket/*",
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": "AES256"
}
}
},
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::YourBucket/*",
"Condition": {
"Null": {
"s3:x-amz-server-side-encryption": "true"
}
}
}
]
}
6. Choose Save.
You've finished configuring your Amazon S3 bucket. When your data is imported into this bucket, it is
protected by SSE-S3. Repeat this procedure for any other buckets, as necessary.
78
To Next Page
Loading...