Medium S3

S3 general purpose buckets should be encrypted at rest with AWS KMS keys

NIST, ISO 27001, HIPAA

Description

Checks if S3 buckets are encrypted at rest with AWS KMS keys.


Remediation

To encrypt S3 buckets at rest using AWS KMS keys, follow these steps:

Steps

  1. Sign in to the AWS Management Console and open the Amazon S3 console.
  2. Choose the bucket you want to encrypt.
  3. Click on the 'Properties' tab.
  4. In the 'Default encryption' section, click on 'Edit'.
  5. Select 'AWS Key Management Service key (SSE-KMS)' as the encryption method.
  6. Choose an existing AWS KMS key or create a new one. If creating a new key, follow the prompts to specify the key configuration and permissions.
  7. After selecting the KMS key, click on 'Save changes'.
  8. Ensure that all necessary permissions are in place for users and applications to access the encrypted objects.
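
The same remediation through the S3 API, as an added example that is not part of the original page: it rebuilds the check over a bucket's default-encryption configuration and applies SSE-KMS only when the bucket is not already compliant. The function names, the `alias/example-key` key, and treating DSSE-KMS as compliant are assumptions of this example; `get_bucket_encryption` and `put_bucket_encryption` are the boto3 S3 client calls.

```python
"""Added example: the console steps above via the S3 API, plus the check itself."""

# Assumption of this example: DSSE-KMS also counts as "encrypted with KMS keys".
KMS_ALGORITHMS = {"aws:kms", "aws:kms:dsse"}


def kms_encryption_config(kms_key_id):
    """Build the default-encryption document for SSE-KMS (steps 5-6)."""
    if not kms_key_id:
        # Without a key ID, S3 falls back to the AWS managed key aws/s3.
        raise ValueError("pass the ID, alias or ARN of the KMS key to use")
    return {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": kms_key_id}}]}


def uses_kms(encryption_config):
    """True if every default-encryption rule selects a KMS algorithm."""
    rules = (encryption_config or {}).get("Rules", [])
    algos = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules]
    return bool(algos) and all(a in KMS_ALGORITHMS for a in algos)


def remediate(bucket, kms_key_id, s3=None):
    """Apply SSE-KMS default encryption to one bucket if it is not already set."""
    if s3 is None:
        import boto3  # imported lazily so the checks above run offline
        s3 = boto3.client("s3")
    current = s3.get_bucket_encryption(Bucket=bucket)
    if uses_kms(current.get("ServerSideEncryptionConfiguration")):
        return False  # already compliant, nothing changed
    s3.put_bucket_encryption(
        Bucket=bucket,
        ServerSideEncryptionConfiguration=kms_encryption_config(kms_key_id))
    return True  # configuration was changed (step 7)


if __name__ == "__main__":
    # Constructed sample: an SSE-S3 configuration, which this check flags.
    sse_s3 = {"Rules": [{"ApplyServerSideEncryptionByDefault":
                         {"SSEAlgorithm": "AES256"}}]}
    print("SSE-S3 bucket compliant:", uses_kms(sse_s3))
    print("SSE-KMS bucket compliant:",
          uses_kms(kms_encryption_config("alias/example-key")))
```

Default encryption applies to objects written after the change; objects already in the bucket keep the encryption they were stored with.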

Compliance

NIST, ISO 27001, HIPAA