1
votes

We have a pre-existing CloudFormation stack which created a few EC2 instances and a couple of S3 buckets with their policy stuff. But the default encryption was not set.

All I was trying to do is update the existing stack to set Default Encryption to AES-256 using the code below. But it is failing, stating "test-encryption-sbox4 already exists in stack". I'm not trying to create an S3 bucket, just trying to update the existing bucket's policy.

Is it valid to update the S3 encryption via the stack after it has been created, or do we need to take care of it at creation time? Can anyone please suggest how to update an existing bucket policy via CF?

Code which I used. How do you set SSE-S3 or SSE-KMS encryption on S3 buckets using Cloud Formation Template?

1

1 Answers

0
votes

You are getting this error because your bucket is not under control of CFN. Thus, CFN tries to re-create this bucket.

If the bucket has been created outside of CFN, e.g. manually in the console, then you have to import it into the CloudFormation stack first. Only after that can you update it from CFN.

Without that, CFN will try to create the same bucket, which obviously results in your error.
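The import-then-update sequence described in the answer, as an added example that is not part of the original answer. The logical ID `ExistingBucket`, the stack name and the file names are hypothetical; the bucket name is the one from the error message in the question.

```yaml
# Added example. "ExistingBucket", "my-stack" and the file names are
# hypothetical placeholders; only the bucket name comes from the question.
#
# Step 1 - import: add the resource below to the stack template WITHOUT the
# BucketEncryption block, so the template matches the bucket as it exists
# today, then run an IMPORT change set:
#
#   aws cloudformation create-change-set \
#     --stack-name my-stack \
#     --change-set-name import-bucket \
#     --change-set-type IMPORT \
#     --template-body file://template.yaml \
#     --resources-to-import file://import.json
#   aws cloudformation execute-change-set \
#     --stack-name my-stack --change-set-name import-bucket
#
# import.json:
#   [{"ResourceType": "AWS::S3::Bucket",
#     "LogicalResourceId": "ExistingBucket",
#     "ResourceIdentifier": {"BucketName": "test-encryption-sbox4"}}]
#
# Step 2 - update: once the bucket is managed by the stack, add the
# BucketEncryption block and run a normal stack update.
Resources:
  ExistingBucket:
    Type: AWS::S3::Bucket
    # A DeletionPolicy is required on every resource being imported.
    # Retain also keeps the bucket and its data if the resource is later
    # removed from the template or the stack is deleted.
    DeletionPolicy: Retain
    Properties:
      BucketName: test-encryption-sbox4
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256          # SSE-S3
          # SSE-KMS alternative (key ARN is a placeholder):
          # - ServerSideEncryptionByDefault:
          #     SSEAlgorithm: aws:kms
          #     KMSMasterKeyID: <kms-key-arn>
```

Default encryption applies to objects written after the setting is enabled; objects already in the bucket keep the encryption state they were stored with.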