Rule for S3 Bucket Default Encryption Enabled

This rule ensures that S3 bucket default encryption is enabled to protect data confidentiality.

Rule: S3 bucket default encryption should be enabled
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description

The rule requires that you enable default encryption for your Amazon S3 buckets to comply with the NIST 800-53 Revision 5 security standard. Default encryption ensures that any new objects uploaded to the bucket are automatically encrypted at rest.

Troubleshooting Steps

If default encryption is not enabled for your S3 buckets, follow these troubleshooting steps:

  1. Check S3 Bucket Encryption Status: Verify if default encryption is already enabled for the S3 buckets. You can do this by checking the bucket properties in the S3 Management Console or by using the AWS Command Line Interface (CLI) with the following command:

    aws s3api get-bucket-encryption --bucket <bucket-name>
    

    Replace <bucket-name> with the name of the S3 bucket you want to check. If the encryption details are returned, default encryption is already enabled.

  2. Enable Default Encryption: If default encryption is not enabled, you can enable it by performing the following steps:

    • S3 Management Console:

      • Open the S3 Management Console.
      • Navigate to the bucket you want to enable default encryption for.
      • Click on the "Properties" tab.
      • Scroll down to the "Default encryption" section.
      • Click on "Edit" to modify the encryption settings.
      • Enable the "Default encryption" option.
      • Choose the encryption type (e.g., AES-256 or AWS Key Management Service).
      • Click on "Save" to apply the changes.
    • AWS CLI:

      • Run the following command to enable default encryption:

        aws s3api put-bucket-encryption --bucket <bucket-name> --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
        

        Replace <bucket-name> with the name of the S3 bucket you want to enable default encryption for. You can also choose a different SSEAlgorithm if you prefer to use AWS Key Management Service (KMS) encryption.

  3. Verify Default Encryption: After enabling default encryption, verify if it has been successfully applied to the bucket by using the same command mentioned in step 1:

    aws s3api get-bucket-encryption --bucket <bucket-name>
    

    Ensure that the response indicates that default encryption is now enabled.
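
The three steps above combined into one script, added here as an example and not taken from the original page. It separates "no encryption configuration" from other failures such as access denied, and leaves any existing configuration untouched. The function names, status words and exit codes are this example's own choices.

```shell
#!/bin/sh
# Added example: check -> enable -> verify for each bucket named on the command line.

SSE_QUERY='ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm'
SSE_CONFIG='{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'

# Print the bucket's default SSE algorithm, NONE when S3 reports that no
# encryption configuration exists, or ERROR for any other failure (for
# example access denied), so a permissions problem is never read as "unencrypted".
bucket_sse_status() {
  if sse_out=$(aws s3api get-bucket-encryption --bucket "$1" \
                 --query "$SSE_QUERY" --output text 2>&1); then
    echo "$sse_out"
  else
    case $sse_out in
      *ServerSideEncryptionConfigurationNotFoundError*) echo NONE ;;
      *) echo ERROR ;;
    esac
  fi
}

# Returns 0 if the bucket ends up encrypted, 1 if remediation did not take
# effect, 2 if the state could not be determined or changed.
ensure_bucket_encryption() {
  sse_state=$(bucket_sse_status "$1")
  case $sse_state in
    ERROR)
      echo "$1: ERROR (could not read encryption settings)"; return 2 ;;
    NONE)
      # Only buckets with no configuration are changed; an existing
      # configuration (for example KMS) is left exactly as it is.
      aws s3api put-bucket-encryption --bucket "$1" \
        --server-side-encryption-configuration "$SSE_CONFIG" >/dev/null 2>&1 ||
        { echo "$1: ERROR (put-bucket-encryption failed)"; return 2; }
      # Verify from S3 rather than trusting the exit status of the put call.
      sse_state=$(bucket_sse_status "$1")
      case $sse_state in
        NONE|ERROR) echo "$1: NOT ENCRYPTED after remediation"; return 1 ;;
      esac
      echo "$1: remediated ($sse_state)" ;;
    *)
      echo "$1: already encrypted ($sse_state)" ;;
  esac
}

for bucket in "$@"; do ensure_bucket_encryption "$bucket"; done
```

Run it with one or more bucket names as arguments; a non-zero result for a bucket means its line of output needs a human look before the rule can be considered satisfied.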

Summary

By following the troubleshooting steps mentioned above, you can enable default encryption for your S3 buckets to align with the NIST 800-53 Revision 5 security standard. This helps protect the data stored in the buckets by encrypting it at rest.
