Certified Security - Specialty


If the object is still encrypted when I use Server Side encryption, why am I able to see it when I change from KMS to S3 encryption?

In the KMS lesson, Ryan initially uses KMS encryption and the file is not accessible from the public URL. When he switches it to S3 encryption, he can see it. Why is this? Why doesn’t S3 encryption block access also? What is the point of the S3 encryption option if this is possible?

1 Answer

Both SSE-KMS and SSE-S3 enable data encryption at rest. For SSE-KMS, it requires permissions to both the data and the master key to 1) access the data and 2) have it decrypted. For SSE-S3, AWS encrypts the data before saving it and decrypts the data when retrieved. I.e., permission to the data automatically gives you permission to the S3 encryption key.
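The difference described in the answer, as an added example that is not part of the original answer or the course: a simplified Python model of the read decision for SSE-S3 versus SSE-KMS objects, used to list objects that an unauthenticated caller can still fetch although they are encrypted at rest. The object records, principal names and the key name `example-key` are constructed, and the model assumes an anonymous caller holds no `kms:Decrypt` permission.

```python
# Simplified model of the S3 read path under server-side encryption (added example).
# "AES256" and "aws:kms" are the ServerSideEncryption values S3 reports;
# the records, principals and key name below are constructed.
from dataclasses import dataclass, field

ANONYMOUS = "*"  # unauthenticated request via the public object URL

@dataclass
class S3Object:
    key: str
    sse: str           # "AES256" (SSE-S3) or "aws:kms" (SSE-KMS)
    readers: set       # principals granted s3:GetObject
    kms_key: str = ""  # KMS key id, only for SSE-KMS objects

@dataclass
class Principal:
    name: str
    kms_decrypt: set = field(default_factory=set)  # keys with kms:Decrypt

def can_read(obj, who):
    """Return (allowed, reason) for a GET on obj by who."""
    if who.name not in obj.readers and ANONYMOUS not in obj.readers:
        return False, "no s3:GetObject"
    if obj.sse == "AES256":
        # SSE-S3: S3 decrypts transparently for anyone allowed to read the object.
        return True, "s3:GetObject is sufficient"
    if obj.sse == "aws:kms":
        # SSE-KMS: the caller also needs kms:Decrypt on the key.
        if obj.kms_key in who.kms_decrypt:
            return True, "s3:GetObject and kms:Decrypt"
        return False, "no kms:Decrypt on key"
    return False, "unknown encryption mode"

def publicly_readable(inventory):
    """Keys an unauthenticated caller can fetch despite encryption at rest."""
    anon = Principal(ANONYMOUS)
    return [o.key for o in inventory if can_read(o, anon)[0]]

# Constructed inventory: two public objects and one private object.
INVENTORY = [
    S3Object("report-sse-s3.pdf", "AES256", {ANONYMOUS}),
    S3Object("report-sse-kms.pdf", "aws:kms", {ANONYMOUS}, kms_key="example-key"),
    S3Object("private-sse-s3.pdf", "AES256", {"alice"}),
]

if __name__ == "__main__":
    print(publicly_readable(INVENTORY))
```

Encryption at rest protects the stored bytes; who may read the object is still decided by the object and bucket permissions, plus the key policy in the SSE-KMS case.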
