Ensure that your AWS S3 buckets are protecting their sensitive data at rest by enforcing Server-Side Encryption
When dealing with sensitive data that is crucial to your business, it is highly recommended to implement encryption in order to protect it from attackers or unauthorized personnel. Using S3 Server-Side Encryption (SSE) will enable Amazon to encrypt your data at the object level as it writes it to disks and decrypts it transparently for you when you access it. Note: Server-Side Encryption (SSE) utilizes one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your S3 objects.
To determine if your Amazon S3 buckets have Server-Side Encryption enabled for their objects, perform the following:
To enable Server-Side Encryption (SSE) for your S3 buckets via access policies, perform the following: