f5-aws-cloudformation

Encrypt S3Bucket by default

Open dpoulson opened this issue 3 years ago • 1 comments

Our corporate policy is that S3 buckets are all encrypted. Could this be made into the default stance with the cloudformation templates?

We have updated the default template (Cross AZ, still to test on single AZ) and injected a few extra lines as part of our deploy script using the boto3 library. This all seems to be working, the pair comes up in a clustered state, and the backup directory is created in the S3 bucket.

template['Resources']['S3Bucket']['Properties']['BucketEncryption'] = {  # template: the parsed CloudFormation template (dict)
    "ServerSideEncryptionConfiguration": [
        {
            "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
            }
        }
    ]
}

It would of course be much easier to deploy without having this extra step and have the standard template encrypt by default.

Thanks,

Darren.

dpoulson avatar Feb 28 '22 17:02 dpoulson
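The deploy-script step described in the post above, generalized to every `AWS::S3::Bucket` resource in a template, as an added example (not code from the original post or the F5 project). The function names and the sample template are constructed for illustration, and the template is assumed to be already parsed into a dict.

```python
import copy
import json

# SSE algorithms CloudFormation accepts in ServerSideEncryptionByDefault.
VALID_SSE = {"AES256", "aws:kms", "aws:kms:dsse"}
DEFAULT_ENCRYPTION = {
    "ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
    ]
}


def is_encrypted(bucket):
    """True if the bucket resource declares a valid default SSE rule."""
    props = bucket.get("Properties") or {}
    rules = (props.get("BucketEncryption") or {}).get(
        "ServerSideEncryptionConfiguration") or []
    return any(
        (r.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm") in VALID_SSE
        for r in rules if isinstance(r, dict)
    )


def enforce_bucket_encryption(template):
    """Add SSE-S3 to every bucket lacking a valid rule; return patched logical IDs."""
    patched = []
    for logical_id, res in template.get("Resources", {}).items():
        # Leave non-bucket resources and already-encrypted buckets (e.g. KMS) untouched.
        if res.get("Type") != "AWS::S3::Bucket" or is_encrypted(res):
            continue
        res.setdefault("Properties", {})["BucketEncryption"] = copy.deepcopy(
            DEFAULT_ENCRYPTION)
        patched.append(logical_id)
    return patched


# Constructed sample template, not the F5 template.
SAMPLE = json.loads("""
{"Resources": {
  "S3Bucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "Private"}},
  "LogBucket": {"Type": "AWS::S3::Bucket"},
  "EmptyRuleBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": []}}},
  "KmsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [
    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
  "Instance": {"Type": "AWS::EC2::Instance"}
}}
""")

if __name__ == "__main__":
    print("patched:", enforce_bucket_encryption(SAMPLE))
```

A bucket whose `BucketEncryption` block is present but carries no valid rule is treated as unencrypted, while an existing KMS rule is kept rather than replaced with `AES256`.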

@shyawnkarim Customer request for enhancement to set the default encryption behavior for an S3 bucket so that all new objects are encrypted when they are stored in the bucket. More info: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html

tmarfil avatar Feb 28 '22 19:02 tmarfil

Closing.

Encrypted buckets were added to our CSTv2 templates. Information can be found here.

shyawnkarim avatar Oct 11 '22 16:10 shyawnkarim