Skip to main content
Skip table of contents

Amazon AWS S3 configuration

Overview

Follow the steps below to enable KMS encryption at an S3 bucket.

Enable Default Encryption for an S3 Bucket

This section describes how to enable encryption for AWS S3-KMS. Please follow the steps below:

  1. Sign into the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.

  2. In the Bucket name list, choose the name of the bucket that you want.

    image-20250911-193625.png

  3. Show Properties.

    image-20250911-193637.png

  4. Choose Default encryption.

    image-20250911-193648.png

  5. Choose AWS-KMS, and then choose a master key from the list of the AWS KMS master keys that you have created.  AES-256 is not supported in this context.

  6. Type the Amazon Resource Name (ARN) of the AWS KMS key to use. You can find the ARN for your AWS KMS key in the IAM console, under Encryption keys, or you can choose a key name from the dropdown list.

    image-20250911-193702.png

  7. Click Save.

Create Master key for AWS-KMS

This section describes how to create an AWS-KMS master key. Please follow the steps below:

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, click Encryption keys.

  3. Click Create Key.

    image-20250911-193721.png

  4. Complete the app key and description fields then press Next step.

    image-20250911-193733.png

  5. Check the users and roles who can administer the master key. Press Next step when done.

    image-20250911-193745.png

  6. Select users and roles who can encrypt and decrypt data when using AWS services.

    image-20250911-193757.png

  7. Click Finish to save the encryption key.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close