Encrypting Data in Amazon S3
Readers have expressed interest in learning more about encryption and key management for protecting data stored in AWS. Amazon Simple Storage Service (S3) supports a server-side encryption feature where you can set a flag in the API or check a box in the AWS Management Console to automatically encrypt your data before it’s written to disk. Amazon manages the keys separately from the data and there is no extra cost to encrypt your data. You can learn more about this feature in the S3 documentation.
Alternatively, you can manage encryption keys yourself and encrypt locally on systems in your own network or from your applications in EC2 before writing to S3. Our colleague Alex Wood recently posted a great blog entry on how to use client-side encryption for S3 in the AWS SDK for Ruby to encrypt data using your own symmetric or asymmetric keys. While Alex’s post focuses on the Ruby implementation, this post by Jason Fulghum shows how it works in the AWS SDK for Java.