S3 Bucket Encryption vs Bucket Object Encryption?

What is the difference between choosing Encryption at the S3 bucket level rather than individual object level? By selecting encryption at the bucket level, it seems intuitive that encryption would be applied to all bucket objects. However, that doesn't appear to be the case.


It appears that bucket level encryption will encrypt all subsequently added objects to the bucket. Is this correct?

1 Answer

Choosing between bucket-level and object-level encryption is more of a design and/or requirement decision. However, if you are mainly concerned about the behaviour/effect of enabling bucket-level encryption, the effect is NOT retroactive, as far as the existing objects in the bucket are concerned.

That is, existing objects in the bucket which were not encrypted prior to the bucket encryption being enabled will remain unencrypted – only new/subsequent objects will be impacted.
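
The non-retroactive behaviour described in the answer can be audited and remedied object by object. The following is an added example, not part of the original answer: it assumes a boto3-style S3 client, and uses a constructed in-memory stand-in (`FakeS3`, hypothetical) so it runs offline; `example-bucket` and the object keys are constructed.

```python
"""Audit a bucket for objects stored before default encryption was enabled."""

class FakeS3:
    """Constructed in-memory stand-in for a boto3 S3 client (offline demo only)."""
    def __init__(self, objects):
        self.objects = objects  # key -> SSE algorithm, or None if unencrypted

    def get_paginator(self, name):
        assert name == "list_objects_v2"
        return self

    def paginate(self, Bucket):
        yield {"Contents": [{"Key": k} for k in sorted(self.objects)]}

    def head_object(self, Bucket, Key):
        sse = self.objects[Key]
        return {"ServerSideEncryption": sse} if sse else {}

    def copy_object(self, Bucket, Key, CopySource, ServerSideEncryption):
        self.objects[Key] = ServerSideEncryption
        return {}

def find_unencrypted(s3, bucket):
    """Return keys whose HEAD response carries no ServerSideEncryption field."""
    keys = []
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket):
        for obj in page.get("Contents", []):
            head = s3.head_object(Bucket=bucket, Key=obj["Key"])
            if "ServerSideEncryption" not in head:
                keys.append(obj["Key"])
    return keys

def encrypt_in_place(s3, bucket, keys, algorithm="AES256"):
    """Copy each object onto itself so it is rewritten with SSE applied."""
    for key in keys:
        # A single-request copy handles objects up to 5 GB; on a versioned
        # bucket the unencrypted prior version remains until it is removed.
        s3.copy_object(Bucket=bucket, Key=key,
                       CopySource={"Bucket": bucket, "Key": key},
                       ServerSideEncryption=algorithm)
    return len(keys)

if __name__ == "__main__":
    # Constructed sample: one object predates bucket default encryption.
    s3 = FakeS3({"old/report.csv": None, "new/report.csv": "AES256"})
    # With real credentials instead: import boto3; s3 = boto3.client("s3")
    todo = find_unencrypted(s3, "example-bucket")
    print("unencrypted:", todo)
    encrypt_in_place(s3, "example-bucket", todo)
    print("remaining:", find_unencrypted(s3, "example-bucket"))
```
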

