Amazon Web Services now offers Server Side Encryption (SSE) for Amazon S3, enabling the ability to encrypt data stored in Amazon S3, by adding an additional request header when writing the object to Amazon S3, with decryption occurring automatically when data is retrieved.
Amazon S3 Server Side Encryption employs multi-factor encryption, with each object encrypted with a unique key, and as an additional safeguard, this key is itself encrypted with a regularly rotated master key. Amazon S3 Server Side Encryption uses one of the strongest block ciphers available — 256-bit Advanced Encryption Standard (AES-256).
You can start using Amazon S3 Server Side Encryption in the AWS Management Console:
- Under the Amazon S3 tab, use the upload dialog to add files to be uploaded.
- In the “Set Details” section of the upload dialog, set the “Use Server Side Encryption” checkbox property.
- Start Upload. The files will be encrypted and stored in Amazon S3.
If you prefer to manage your own encryption keys, you can also make use of the client libraries for encryption provided by Amazon. To learn more, visit the Amazon S3 Encryption client page.