如何使用云形成模板在S3存储桶上设置SSE-S3或SSE-KMS加密? [英] How do you set SSE-S3 or SSE-KMS encryption on S3 buckets using Cloud Formation Template?
问题描述
我正在尝试使用CloudFormation模板在AWS中启动S3存储桶。此项目的要求之一是将存储桶加密到位。我一直在尝试找到一种通过CloudFormation模板进行设置的方法(我已经阅读了有关SSE-S3,KMS,CFT和S3的所有文档,...)。但所有迹象似乎都表明只能通过控制台使用。
I'm trying to use a CloudFormation Template to spin up an S3 Bucket in AWS. One of the requirements for this project is that the bucket be encrypted in place. I've been trying to find a way to set that up via CloudFormation Template (I've read all the documentation I can get my hands on for SSE-S3, KMS, CFT and S3s...). But all signs seem to point to it only being available via the console.
我担心我只是缺少一些明显的东西,我想知道是否有人知道我可以使用CloudFormation模板(或至少自动化的东西)将S3存储桶的默认加密设置为SSE-S3或SSE-KMS?
I'm worried I'm just missing something obvious and I wondered if anyone knew how I could use CloudFormation Template(or at least something automated) to set the default encryption of an S3 Bucket to SSE-S3 or SSE-KMS?
推荐答案
AWS 于2018年1月24日添加了此功能:
AWS added this feature on January 24th, 2018:
使用BucketEncryption属性为存储桶指定默认加密,该存储桶通过Amazon S3托管密钥SSE-S3或AWS KMS进行服务器端加密管理的密钥(SSE-KMS)存储桶。
Use the BucketEncryption property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS-managed Keys (SSE-KMS) bucket.
JSON
{
"Resources": {
"MyBucket": {
"Type" : "AWS::S3::Bucket",
"Properties" : {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
}
}
}
}
}
YAML
Resources:
MyBucket:
Type: "AWS::S3::Bucket"
Properties:
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
https:// docs .aws.amazon.com / AWSCloudFormation / latest / UserGuide / aws-properties-s3-bucket.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGu ide / aws-properties-s3-bucket-bucketencryption.html
这篇关于如何使用云形成模板在S3存储桶上设置SSE-S3或SSE-KMS加密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!