How do you set SSE-S3 or SSE-KMS encryption on S3 buckets using Cloud Formation Template?
Question
I'm trying to use a CloudFormation Template to spin up an S3 Bucket in AWS. One of the requirements for this project is that the bucket be encrypted in place. I've been trying to find a way to set that up via CloudFormation Template (I've read all the documentation I can get my hands on for SSE-S3, KMS, CFT and S3s...). But all signs seem to point to it only being available via the console.
I'm worried I'm just missing something obvious and I wondered if anyone knew how I could use CloudFormation Template (or at least something automated) to set the default encryption of an S3 Bucket to SSE-S3 or SSE-KMS?
Recommended answer
AWS added this feature on January 24th, 2018:
Use the BucketEncryption property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS-managed Keys (SSE-KMS) bucket.
JSON
{
  "Resources": {
    "MyBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
              }
            }
          ]
        }
      }
    }
  }
}
YAML
Resources:
  MyBucket:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-bucketencryption.html
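The templates in the answer set SSE-S3 (AES256). For the SSE-KMS case the question also asks about, the same BucketEncryption property takes `aws:kms` plus a key reference. This is an added example, not part of the original answer; the logical names DataKey and MyKmsBucket are hypothetical, and the key policy is an assumed minimal one that delegates access control to IAM in the stack's account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example - S3 bucket with SSE-KMS default encryption (added illustration)

Resources:
  # Customer managed KMS key used for default encryption (hypothetical logical name).
  DataKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Default encryption key for MyKmsBucket
      EnableKeyRotation: true
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          # Assumed minimal policy: lets IAM policies in this account govern key use.
          - Sid: EnableIamPolicies
            Effect: Allow
            Principal:
              AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"

  # Same shape as the answer's MyBucket, with the algorithm switched to SSE-KMS.
  MyKmsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
              KMSMasterKeyID: !GetAtt DataKey.Arn
            # Reduces KMS request volume by using a bucket-level data key.
            BucketKeyEnabled: true

Outputs:
  BucketName:
    Value: !Ref MyKmsBucket
  KeyArn:
    Value: !GetAtt DataKey.Arn
```

Default encryption applies to objects written without their own encryption headers; objects already in a bucket are not re-encrypted. Principals that read or write objects also need `kms:Decrypt` and `kms:GenerateDataKey` on the key.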