
How do I build an AWS S3 bucket with server-side encryption configuration v2?

Setting Up an AWS S3 Bucket with Server-Side Encryption Configuration

In this guide, we will create an AWS S3 bucket and configure it to use server-side encryption. Server-side encryption protects data at rest: S3 encrypts each object as it is written to the bucket and decrypts it when it is read.

We will use the aws_s3_bucket resource (aws.s3.BucketV2 in the program below) to create the bucket and the aws_s3_bucket_server_side_encryption_configuration resource (aws.s3.BucketServerSideEncryptionConfigurationV2) to define the encryption settings.

Key Points:

  1. AWS S3 Bucket Creation: Set up an S3 bucket to store objects.
  2. Server-Side Encryption: Configure the bucket to use server-side encryption with AWS Key Management Service (KMS) or AES-256.
  3. Stack Outputs: Export bucket name and ARN for easy reference.

Example Program

The following example creates an S3 bucket with server-side encryption. It uses SSE-KMS with the key alias alias/aws/s3 as the bucket's default encryption.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an S3 bucket
const myBucket = new aws.s3.BucketV2("my_bucket", {
    bucket: "my-secure-bucket-unique-name",
    acl: "private",
    versionings: [{
        enabled: true,
    }],
});

// Set up server-side encryption configuration for the S3 bucket
const myBucketSse = new aws.s3.BucketServerSideEncryptionConfigurationV2("my_bucket_sse", {
    bucket: myBucket.bucket,
    rules: [{
        applyServerSideEncryptionByDefault: {
            sseAlgorithm: "aws:kms",
            kmsMasterKeyId: "alias/aws/s3",
        },
    }],
});

// Export the bucket name and ARN as stack outputs
export const bucketName = myBucket.bucket;
export const bucketArn = myBucket.arn;

Summary

In this example, we created an AWS S3 bucket and enabled server-side encryption with SSE-KMS, using the key alias alias/aws/s3. We defined the bucket with a private ACL and enabled versioning. The encryption rule sets the bucket's default encryption, so objects stored in the bucket are encrypted with the specified KMS key. Finally, we exported the bucket name and ARN for easy reference.
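To confirm after deployment that the bucket's default encryption still matches what the program declares, the check below audits the JSON printed by `aws s3api get-bucket-encryption`. It is an added example, not part of the original answer or Pulumi's own code; the helper names `sameKey` and `auditBucketEncryption` and the sample responses are assumptions constructed for illustration.

```typescript
// Shape of the JSON printed by `aws s3api get-bucket-encryption`.
interface SseRule {
  ApplyServerSideEncryptionByDefault?: { SSEAlgorithm: string; KMSMasterKeyID?: string };
  BucketKeyEnabled?: boolean;
}
interface BucketEncryption {
  ServerSideEncryptionConfiguration?: { Rules?: SseRule[] };
}

// True when `actual` equals `expected` or is an ARN that ends in it
// (the key may be recorded as a key ID, a key ARN or an alias).
function sameKey(actual: string, expected: string): boolean {
  const endsWith = (tail: string) => actual.slice(-tail.length) === tail;
  return actual === expected || endsWith(":" + expected) || endsWith(":key/" + expected);
}

// Hypothetical helper: returns findings; an empty array means the bucket's
// default encryption matches the declared SSE-KMS key.
function auditBucketEncryption(enc: BucketEncryption, expectedKey: string): string[] {
  const rules = enc.ServerSideEncryptionConfiguration?.Rules ?? [];
  const def = rules.length > 0 ? rules[0].ApplyServerSideEncryptionByDefault : undefined;
  if (!def) return ["no default encryption rule returned"];
  if (def.SSEAlgorithm !== "aws:kms") {
    return [`algorithm is ${def.SSEAlgorithm}, expected aws:kms`];
  }
  if (!def.KMSMasterKeyID) {
    // With SSE-KMS and no key ID, S3 uses the AWS managed key aws/s3.
    return sameKey("alias/aws/s3", expectedKey)
      ? []
      : [`no KMS key set (AWS managed key in use), expected ${expectedKey}`];
  }
  return sameKey(def.KMSMasterKeyID, expectedKey)
    ? []
    : [`key is ${def.KMSMasterKeyID}, expected ${expectedKey}`];
}

// Constructed sample responses (not captured from a real account).
const sampleDeclared: BucketEncryption = { ServerSideEncryptionConfiguration: { Rules: [{
  ApplyServerSideEncryptionByDefault: { SSEAlgorithm: "aws:kms", KMSMasterKeyID: "alias/aws/s3" },
  BucketKeyEnabled: false }] } };
const sampleDrifted: BucketEncryption = { ServerSideEncryptionConfiguration: { Rules: [{
  ApplyServerSideEncryptionByDefault: { SSEAlgorithm: "AES256" } }] } };
const sampleKeyArn: BucketEncryption = { ServerSideEncryptionConfiguration: { Rules: [{
  ApplyServerSideEncryptionByDefault: { SSEAlgorithm: "aws:kms",
    KMSMasterKeyID: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } }] } };

console.log(auditBucketEncryption(sampleDeclared, "alias/aws/s3"));
console.log(auditBucketEncryption(sampleDrifted, "alias/aws/s3"));
```

A non-empty result means the live bucket has drifted from the declared rule, for example after a manual change in the console.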
