This rule ensures that default encryption is enabled for S3 buckets, enhancing data security.
Rule | S3 bucket default encryption should be enabled
Framework | NIST 800-53 Revision 5
Severity | Low
Default Encryption for S3 Buckets with NIST 800-53 Revision 5
Rule Description
By enabling default encryption for Amazon S3 buckets, you can ensure that all new objects stored within the bucket are automatically encrypted using a specified encryption method. This rule implementation aligns with the security requirements defined in the National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 5, which provides guidelines and security controls for federal information systems.
Troubleshooting Steps
If default encryption is not enabled for S3 buckets, follow these troubleshooting steps:
Necessary Code
No specific code is needed for this rule. The configuration can be achieved through the AWS Management Console or command-line interface (CLI).
Remediation Steps
Follow these steps to enable default encryption for S3 buckets using the AWS Management Console:
If you prefer to use the AWS CLI, follow these steps:
aws s3api put-bucket-encryption --bucket <bucket-name> --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}'

Replace <bucket-name> with the actual name of the S3 bucket. Please note that if you wish to use SSE-KMS or SSE-C encryption, you need to modify the --server-side-encryption-configuration parameter accordingly.

Once default encryption is enabled for the S3 bucket, all new objects saved within the bucket will be automatically encrypted with the chosen encryption method specified during configuration.
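The following script is an added example and is not part of the original rule page. It wraps the CLI remediation above into an audit-and-fix routine: it builds the configuration document for SSE-S3 or SSE-KMS, reads the current setting from get-bucket-encryption, and only calls put-bucket-encryption when no default encryption rule exists. It assumes AWS CLI v2 with credentials configured; the bucket names and the KMS key ARN are placeholders. The constructed sample response lets the parsing and compliance logic run offline.

```shell
#!/bin/sh
# Added example for this rule page; not the page's own code. Assumes AWS CLI v2 with
# credentials configured. Bucket and KMS key names below are placeholders.

# Build the JSON passed to --server-side-encryption-configuration.
# Valid SSEAlgorithm values for a bucket default are AES256 (SSE-S3), aws:kms (SSE-KMS)
# and aws:kms:dsse (DSSE-KMS); SSE-C needs a per-request key and cannot be a bucket default.
build_sse_config() {
  algo="$1"
  kms_key="$2"   # optional: KMS key ID/ARN/alias for aws:kms and aws:kms:dsse
  case "$algo" in
    AES256)
      printf '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
      ;;
    aws:kms|aws:kms:dsse)
      # BucketKeyEnabled cuts KMS request volume for SSE-KMS buckets.
      if [ -n "$kms_key" ]; then
        printf '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"%s","KMSMasterKeyID":"%s"},"BucketKeyEnabled":true}]}' "$algo" "$kms_key"
      else
        printf '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"%s"},"BucketKeyEnabled":true}]}' "$algo"
      fi
      ;;
    *)
      echo "build_sse_config: unsupported algorithm '$algo'" >&2
      return 2
      ;;
  esac
}

# Extract the SSEAlgorithm from a get-bucket-encryption JSON document (grep/sed only, no jq).
# Prints an empty string when the document carries no default-encryption rule.
sse_algorithm_of() {
  printf '%s' "$1" | tr -d '\n' \
    | grep -o '"SSEAlgorithm"[[:space:]]*:[[:space:]]*"[^"]*"' | head -n 1 \
    | sed 's/.*"\([^"]*\)"$/\1/'
}

# Any of the three server-side bucket defaults satisfies this rule.
# Usage: is_compliant "$(aws s3api get-bucket-encryption --bucket "$bucket" 2>/dev/null)"
is_compliant() {
  case "$(sse_algorithm_of "$1")" in
    AES256|aws:kms|aws:kms:dsse) return 0 ;;
    *) return 1 ;;
  esac
}

# Audit one bucket and apply a default (SSE-S3 unless told otherwise) when none is set.
# The CLI exits non-zero with ServerSideEncryptionConfigurationNotFoundError for an
# unconfigured bucket, which is treated as "no rule" rather than as a script failure.
audit_and_remediate() {
  bucket="$1"
  algo="${2:-AES256}"
  kms_key="$3"
  current="$(aws s3api get-bucket-encryption --bucket "$bucket" 2>/dev/null || true)"
  if is_compliant "$current"; then
    echo "$bucket: compliant ($(sse_algorithm_of "$current"))"
    return 0
  fi
  echo "$bucket: no default encryption, applying $algo"
  aws s3api put-bucket-encryption \
    --bucket "$bucket" \
    --server-side-encryption-configuration "$(build_sse_config "$algo" "$kms_key")"
}

# Constructed sample of a get-bucket-encryption response for a compliant SSE-KMS bucket.
SAMPLE_KMS_RESPONSE='{
    "ServerSideEncryptionConfiguration": {
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "aws:kms",
                    "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID"
                },
                "BucketKeyEnabled": true
            }
        ]
    }
}'

# Offline demo on the constructed sample: sh this-script.sh demo
if [ "${1:-}" = "demo" ]; then
  is_compliant "$SAMPLE_KMS_RESPONSE" && echo "sample: compliant ($(sse_algorithm_of "$SAMPLE_KMS_RESPONSE"))"
  is_compliant '' || echo "empty response: non-compliant"
  build_sse_config aws:kms "alias/PLACEHOLDER-KEY"; echo
fi
```

To run against a real account, call audit_and_remediate with a bucket name, optionally followed by aws:kms and a key ARN. The check is deliberately permissive about which algorithm is present, because this rule only asks that a default exist; if your policy mandates SSE-KMS with a specific key, tighten is_compliant to match KMSMasterKeyID as well.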