DEV Community

Mim Ahmed for AWS Community Builders

How to Stop Objects from Being Uploaded to Amazon S3 Without Encryption Using Bucket Policies

To prevent uploads of unencrypted objects to Amazon S3, you can enforce encryption at the bucket level or use bucket policies to require server-side encryption. Amazon S3 provides several options for server-side encryption, including Amazon S3 managed keys (SSE-S3), AWS Key Management Service (AWS KMS) keys (SSE-KMS), and customer-provided keys (SSE-C). Here are steps you can take to enforce encryption.

In this article we are going to learn how to do this using Bucket Policies.

Step 1:

Go to your S3 console and choose or create a bucket.

Step 2:

Now go to the Permissions tab, scroll down and choose

Now click on Policy generator.

Now go back to the policy page and copy the bucket ARN (we need this later).

Step 3: Configure Bucket Policy

Now click Add Statement, then click Generate Policy.

Now copy the JSON and paste it into the bucket policy box.

In the Resource line, just add '/*' after the bucket ARN and click Save changes. This means every object in this bucket.

Now go back to the Objects tab and upload some files. The upload will fail unless you choose an encryption option.
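
Added example (not from the original post): the text does not show the statement built in Step 3, so this Python sketch builds one commonly used form of such a policy, a Deny on s3:PutObject keyed on the s3:x-amz-server-side-encryption condition key, and models locally which uploads it rejects. The bucket name, statement Sids, helper names and the simplified evaluator are assumptions for illustration.

```python
import json
from fnmatch import fnmatchcase

SSE_KEY = "s3:x-amz-server-side-encryption"  # condition key for the SSE request header

def build_policy(bucket_arn, allowed=("AES256", "aws:kms")):
    """Deny PutObject on every object unless an allowed SSE header is sent."""
    resource = bucket_arn.rstrip("/") + "/*"  # the '/*' added to the Resource line
    def deny(sid, condition):
        return {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": resource,
                "Condition": condition}
    return {"Version": "2012-10-17", "Statement": [
        deny("DenyMissingEncryptionHeader", {"Null": {SSE_KEY: "true"}}),
        deny("DenyWrongEncryptionHeader",
             {"StringNotEquals": {SSE_KEY: list(allowed)}}),
    ]}

def condition_true(condition, context):
    """Simplified local model of the two condition operators used above."""
    for op, keys in condition.items():
        for key, expected in keys.items():
            value = context.get(key)
            if op == "Null":
                ok = (value is None) == (expected == "true")
            elif op == "StringNotEquals":
                # Negated operators evaluate to true when the key is absent.
                ok = value is None or value not in expected
            else:
                raise ValueError(f"operator not modelled: {op}")
            if not ok:
                return False
    return True

def is_denied(policy, action, resource_arn, sse_header=None):
    """True if any Deny statement matches this (constructed) request."""
    context = {} if sse_header is None else {SSE_KEY: sse_header}
    return any(
        s["Effect"] == "Deny" and s["Action"] == action
        and fnmatchcase(resource_arn, s["Resource"])
        and condition_true(s["Condition"], context)
        for s in policy["Statement"])

if __name__ == "__main__":
    policy = build_policy("arn:aws:s3:::example-bucket")  # constructed ARN
    print(json.dumps(policy, indent=2))
    for header in (None, "AES256", "aws:kms"):
        obj = "arn:aws:s3:::example-bucket/report.csv"
        print(header, "denied" if is_denied(policy, "s3:PutObject", obj, header) else "allowed")
```

The printed JSON is what would go into the bucket policy box; the evaluator covers only the Null and StringNotEquals operators and is not a substitute for testing against the real bucket.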

Conclusion:

Securing your S3 bucket against unencrypted file uploads is a proactive step towards maintaining the integrity and confidentiality of your data. By following the guidelines outlined in this post, you'll be equipped with the knowledge to establish a robust security framework for your AWS S3 bucket. Stay ahead of potential threats and safeguard your data with these essential practices.

Top comments (1)

Ntombizakhona Mabaso

Simple & Quick!