
Rule: S3 Bucket Default Encryption with KMS

Check if S3 bucket default encryption is enabled with KMS.

Rule: S3 bucket default encryption should be enabled with KMS
Framework: CISA-cyber-essentials
Severity: Medium

Rule: S3 Bucket Default Encryption with KMS for CISA-Cyber Essentials

Description:

The S3 bucket default encryption with Key Management Service (KMS) rule checks that a bucket's default encryption configuration uses server-side encryption with KMS keys (SSE-KMS), so that any new object uploaded without an explicit encryption header is encrypted with a KMS key automatically. Two caveats matter in practice. First, the setting only affects objects written after it is enabled; existing objects keep whatever encryption they already had and must be copied in place or re-uploaded to change it. Second, since January 2023 S3 encrypts every new object with SSE-S3 (AES-256) by default, so a bucket whose default encryption shows Amazon S3 managed keys is encrypted but still fails this rule, which specifically requires KMS. Encrypting with KMS keys helps protect sensitive data and meet compliance requirements, specifically for CISA-Cyber Essentials.

Troubleshooting Steps:

  1. Verify that you have the necessary AWS permissions to configure default encryption for S3 buckets (the s3:GetEncryptionConfiguration and s3:PutEncryptionConfiguration actions on the bucket).
  2. Check whether any existing S3 bucket does not have default encryption enabled with KMS. If so, follow the remediation steps to enable it.

Remediation:

Step 1: Enable Default Encryption for an Existing S3 Bucket:

  1. Identify the existing S3 bucket that needs to have default encryption enabled with KMS.
  2. Open the AWS Management Console.
  3. Navigate to the S3 service.
  4. Select the desired bucket from the list.
  5. Click on the "Properties" tab.
  6. Scroll down to the "Default encryption" section and click on the "Edit" button.
  7. Under "Encryption type", choose "Server-side encryption with AWS Key Management Service keys (SSE-KMS)".
  8. Choose the KMS key: either the AWS managed key (aws/s3) or, preferably for sensitive data, a customer managed key whose ARN you select from the list or enter, since only a customer managed key lets you write your own key policy and rotate or disable the key.
  9. Optionally enable "Bucket Key", which lets S3 reuse a bucket-level data key and cuts the number of KMS requests (and their cost) for uploads and downloads.
  10. Click on the "Save changes" button to enable default encryption with KMS for the selected S3 bucket.

Step 2: Enable Default Encryption for an S3 Bucket (AWS CLI):

  1. Install and configure the AWS CLI on your local machine (if not already done).
  2. Open a terminal or command prompt.
  3. Run the following command to enable default encryption with KMS for the bucket. Note that the command configures the named bucket only; there is no account-wide default for buckets created later, so run it (or the equivalent in your infrastructure-as-code) for every new bucket:
aws s3api put-bucket-encryption --bucket <bucket-name> --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "<kms-key-arn>"}, "BucketKeyEnabled": true}]}'

Replace <bucket-name> with the name of the S3 bucket you want to enable default encryption for, and <kms-key-arn> with the ARN (or alias) of the customer managed KMS key to use. If you omit "KMSMasterKeyID", S3 falls back to the AWS managed key aws/s3, which still satisfies this rule but cannot carry a custom key policy. "BucketKeyEnabled" is optional and reduces KMS request volume.

Additional Notes:

  • By enabling default encryption with KMS for S3 buckets, you ensure that new objects uploaded to those buckets are encrypted with the chosen key whenever the upload does not specify its own encryption header. If you also want to block uploads that request a different encryption type, add a bucket policy that denies PutObject unless s3:x-amz-server-side-encryption equals aws:kms.
  • Using KMS for encryption provides the benefits of centralized key management, CloudTrail logging of every key use, and fine-grained access control to encryption keys. The flip side is that principals who upload or read objects now also need kms:GenerateDataKey and kms:Decrypt on the key; switching a bucket to a customer managed key without updating the key policy breaks those callers with AccessDenied.
  • Regularly audit your S3 buckets to ensure compliance with the default encryption rule and address any non-compliant buckets.
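The following script is an added example and not Cloud Defense's own rule code; it ties together the remediation procedure above and the audit recommended in the notes. It evaluates a bucket's GetBucketEncryption configuration the way this rule does (pass only on SSE-KMS, including the dual-layer aws:kms:dsse variant), handles the case where a bucket has no configuration at all, and builds the exact put-bucket-encryption invocation for any failing bucket. The S3 client is injected so the code runs offline against a constructed FakeS3 stand-in (its bucket names, account number and key ID are made up); with boto3 installed, pass boto3.client("s3") instead.

```python
"""Audit S3 default encryption for SSE-KMS and build the remediation command.

Added example, not Cloud Defense code. The client is injected so the logic
runs offline against the constructed FakeS3 below; in a real account use
boto3.client("s3"), which exposes the same get_bucket_encryption() call.
"""
import json
import shlex
from typing import Any, Dict, List, Optional, Tuple

KMS_ALGORITHMS = {"aws:kms", "aws:kms:dsse"}  # SSE-KMS and dual-layer SSE-KMS


def evaluate_encryption(config: Optional[Dict[str, Any]]) -> Tuple[bool, str]:
    """Return (compliant, reason) for a ServerSideEncryptionConfiguration dict.

    config is None when the bucket has no default-encryption configuration.
    """
    if not config:
        return False, "no default encryption configuration"
    rules = config.get("Rules", [])
    if not rules:
        return False, "default encryption configuration has no rules"
    by_default = rules[0].get("ApplyServerSideEncryptionByDefault", {})
    algo = by_default.get("SSEAlgorithm")
    if algo not in KMS_ALGORITHMS:
        return False, f"default SSEAlgorithm is {algo!r}, not SSE-KMS"
    key = by_default.get("KMSMasterKeyID")
    if not key:
        # Passes the rule, but aws/s3 cannot carry a custom key policy; say so.
        return True, "SSE-KMS with the AWS-managed key aws/s3"
    return True, f"SSE-KMS with key {key}"


def kms_encryption_config(kms_key_id: Optional[str] = None,
                          bucket_key: bool = True) -> Dict[str, Any]:
    """Build the --server-side-encryption-configuration document."""
    by_default: Dict[str, Any] = {"SSEAlgorithm": "aws:kms"}
    if kms_key_id:
        by_default["KMSMasterKeyID"] = kms_key_id
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": by_default,
                       "BucketKeyEnabled": bucket_key}]}


def remediation_command(bucket: str, kms_key_id: Optional[str] = None) -> str:
    """The aws s3api invocation that applies kms_encryption_config()."""
    doc = json.dumps(kms_encryption_config(kms_key_id), separators=(",", ":"))
    return ("aws s3api put-bucket-encryption --bucket " + shlex.quote(bucket)
            + " --server-side-encryption-configuration " + shlex.quote(doc))


def audit(s3: Any, buckets: List[str]) -> Dict[str, Tuple[bool, str]]:
    """Evaluate each bucket through the injected client (boto3 or a fake).

    A bucket with no configuration makes the API raise a ClientError whose
    code is ServerSideEncryptionConfigurationNotFoundError; treat it as a fail
    rather than an error. Any other error (e.g. AccessDenied) is re-raised.
    """
    results: Dict[str, Tuple[bool, str]] = {}
    for name in buckets:
        try:
            resp = s3.get_bucket_encryption(Bucket=name)
            config = resp.get("ServerSideEncryptionConfiguration")
        except Exception as exc:  # botocore.exceptions.ClientError in real use
            code = getattr(exc, "response", {}).get("Error", {}).get("Code")
            if code != "ServerSideEncryptionConfigurationNotFoundError":
                raise
            config = None
        results[name] = evaluate_encryption(config)
    return results


class FakeS3:
    """Constructed stand-in for boto3's S3 client; responses follow the API shape."""

    class ClientError(Exception):
        def __init__(self, code: str) -> None:
            super().__init__(code)
            self.response = {"Error": {"Code": code}}

    def __init__(self) -> None:
        # Made-up buckets: one compliant, one SSE-S3 only, "legacy-logs" absent.
        self.configs = {
            "payroll-exports": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/"
                                  "1234abcd-12ab-34cd-56ef-1234567890ab"},
                "BucketKeyEnabled": True}]},
            "static-site": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"}}]},
        }

    def get_bucket_encryption(self, Bucket: str) -> Dict[str, Any]:
        if Bucket not in self.configs:
            raise self.ClientError("ServerSideEncryptionConfigurationNotFoundError")
        return {"ServerSideEncryptionConfiguration": self.configs[Bucket]}


if __name__ == "__main__":
    s3 = FakeS3()  # replace with boto3.client("s3") for a real account
    for bucket, (ok, why) in audit(s3, ["payroll-exports", "static-site",
                                        "legacy-logs"]).items():
        print(f"{bucket}: {'PASS' if ok else 'FAIL'} ({why})")
        if not ok:  # "alias/s3-default" is an assumed alias for your CMK
            print("  remediate:", remediation_command(bucket, "alias/s3-default"))
```

The audit deliberately re-raises anything other than the "not found" error code: an AccessDenied from a bucket you cannot read must surface as a tooling problem, not be silently recorded as compliant or non-compliant.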

