AWS S3 Bucket Encryption Setup and Status Verification Process

This task enables AES-256 server-side encryption on S3 buckets and verifies that it is active, so that contents stored in the buckets are encrypted at rest. By default, all newly created buckets are encrypted, but this task is beneficial for legacy buckets that do not have encryption enabled.

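import boto3
from botocore.exceptions import ClientError, BotoCoreError

# _get_creds, cred_label and bucket_name are not defined in this snippet;
# presumably the hosting task runner injects them -- confirm before running standalone.
# The credential record stores the AWS access key id under 'username' and the
# secret access key under 'password'. Never print or log these values.
creds = _get_creds(cred_label)['creds']
access_key = creds['username']
secret_key = creds['password']


def enable_and_verify_bucket_encryption(bucket_name):
    """
    Enable default AES-256 server-side encryption on the specified S3 bucket
    and verify the encryption status.

    Verification reads the bucket's encryption configuration back and checks
    that a default rule with SSEAlgorithm 'AES256' is present, rather than
    relying on the HTTP status of the read alone.

    Caveats:
      * put_bucket_encryption replaces the bucket's existing default
        encryption configuration. If the bucket already uses SSE-KMS, this
        call switches the default to SSE-S3 (AES256); review the current
        configuration first if that is not intended.
      * Default encryption applies to objects written after it is set;
        objects that were stored unencrypted earlier are not re-encrypted.

    :param bucket_name: Name of the S3 bucket to configure.
    :return: None. The outcome is reported on stdout.
    """
    s3 = boto3.client(
        's3',
        aws_access_key_id=access_key,
        aws_secret_access_key=secret_key,
    )

    encryption_configuration = {
        'Rules': [
            {'ApplyServerSideEncryptionByDefault': {'SSEAlgorithm': 'AES256'}}
        ]
    }

    try:
        s3.put_bucket_encryption(
            Bucket=bucket_name,
            ServerSideEncryptionConfiguration=encryption_configuration,
        )

        # Read the configuration back and confirm the algorithm actually in
        # effect. A 200 response only proves that *some* configuration exists.
        response = s3.get_bucket_encryption(Bucket=bucket_name)
        rules = response.get('ServerSideEncryptionConfiguration', {}).get('Rules', [])
        algorithms = [
            rule.get('ApplyServerSideEncryptionByDefault', {}).get('SSEAlgorithm')
            for rule in rules
        ]

        if 'AES256' in algorithms:
            print(f"Encryption successfully enabled on bucket '{bucket_name}'.")
        else:
            print(f"Failed to verify encryption on bucket '{bucket_name}'.")
    except ClientError as e:
        # Service-side rejection (e.g. access denied, missing bucket).
        print(f"AWS ClientError: {e.response['Error']['Message']}")
    except BotoCoreError as e:
        # Client-side failure (e.g. connectivity, credential resolution).
        print(f"BotoCoreError: {e}")
    except Exception as e:
        # Top-level boundary of the task: report instead of crashing the run.
        print(f"An unexpected error occurred: {e}")


#bucket_name = 'test-sse-encryption-bucket-123'
enable_and_verify_bucket_encryption(bucket_name)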