0
votes

I am simply trying to upload an encrypted object to an S3 bucket. I have gone through the AWS documentation on SSE. The most confusing part is that I am not clear on:

1. whether we need to set the default server-side encryption option to AES256 (I am assuming it is the S3-managed key) for the bucket before uploading an object to S3, or
2. whether we can directly upload to the S3 bucket without having any server-side encryption option set for that bucket.

Assuming the second point is true, I tried to upload an object to S3, specifying extra arguments:

s3_con.upload_file('abc.txt','s3_key_path/abc.txt',ExtraArgs={"ServerSideEncryption": "AES256"})

I was able to upload the file using the above line of code, but the file was not encrypted. So I guess I need to try the first point before uploading to the bucket.

How can I upload an encrypted object using server-side encryption with an S3-managed key in Python, and what steps do I need to take for this?

1
What makes you say the file was not encrypted after upload? - jarmod
@jarmod I am not sure how to check whether it is encrypted. But when I opened that file I could see all its contents as they were before uploading. - Anvita
Can you please guide me on this if I am missing anything? - Anvita

1 Answer

1
votes

The file is encrypted. Look at the Properties > Encryption tab in the AWS console for that S3 object.

You can see the contents because SSE-S3 (AES-256) is transparent at-rest encryption. S3 encrypts the object as it's written to disk, and decrypts it as it's read from disk. Because you have permission to get the object, that process is transparent to you.

You also have other encryption options including KMS managed keys, your own managed keys, and doing client-side encryption prior to sending to S3.
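
The console check described in the answer can also be done from code. The following is an added example, not part of the original answer: it uploads with SSE-S3 requested and then reads the encryption mode back from the object's metadata instead of from its contents. The helper names, `FakeS3` and `example-bucket` are assumptions made for illustration; `FakeS3` is a constructed offline stand-in so the block runs without credentials.

```python
"""Upload with SSE-S3 and confirm the result from object metadata (added example)."""


def describe_encryption(head):
    """Map a head_object response to the at-rest encryption mode it reports."""
    if head.get("SSECustomerAlgorithm"):
        # SSE-C: the response echoes the algorithm used with the caller's key.
        return "SSE-C (customer-provided key)"
    mode = head.get("ServerSideEncryption")
    if mode == "AES256":
        return "SSE-S3 (S3-managed key)"
    if mode in ("aws:kms", "aws:kms:dsse"):
        return "SSE-KMS (key %s)" % head.get("SSEKMSKeyId", "unknown")
    return "no server-side encryption reported"


def upload_and_verify(s3_client, filename, bucket, key):
    """Upload with SSE-S3 requested, then read back what S3 recorded."""
    s3_client.upload_file(
        filename, bucket, key,
        ExtraArgs={"ServerSideEncryption": "AES256"},
    )
    # HEAD returns metadata only; the object body is never downloaded.
    head = s3_client.head_object(Bucket=bucket, Key=key)
    return describe_encryption(head)


class FakeS3:
    """Constructed stand-in that mimics the two boto3 client calls used above."""

    def __init__(self):
        self.objects = {}

    def upload_file(self, filename, bucket, key, ExtraArgs=None):
        # Assumption: record the requested settings as the stored metadata.
        self.objects[(bucket, key)] = dict(ExtraArgs or {})

    def head_object(self, Bucket, Key):
        return dict(self.objects[(Bucket, Key)])


if __name__ == "__main__":
    # Against a real bucket: import boto3; client = boto3.client("s3")
    client = FakeS3()
    print(upload_and_verify(client, "abc.txt", "example-bucket", "s3_key_path/abc.txt"))
```

Reading the object back with `get_object` would not distinguish these cases, because S3 decrypts on read for any caller allowed to get the object.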