F5Networks / f5-aws-cloudformation

CloudFormation Templates for quickly deploying BIG-IP services in Amazon Web Services EC2

Encrypt S3Bucket by default #163

Closed dpoulson closed 2 years ago

dpoulson commented 2 years ago

Our corporate policy is that S3 buckets are all encrypted. Could this be made into the default stance with the CloudFormation templates?

We have updated the default template (Cross AZ, still to test on single AZ) and injected a few extra lines as part of our deploy script using the boto3 library. This all seems to be working, the pair comes up in a clustered state, and the backup directory is created in the S3 bucket.

# Add default server-side encryption (SSE-S3) to the template's S3Bucket resource
template['Resources']['S3Bucket']['Properties']['BucketEncryption'] = {
    "ServerSideEncryptionConfiguration": [
        {
            "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
            }
        }
    ]
}

It would of course be much easier to deploy without having this extra step and have the standard template encrypt by default.

Thanks,

Darren.
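An added example, not part of the original post or of the F5 templates: the same deploy-time injection generalized to every `AWS::S3::Bucket` resource in a parsed CloudFormation JSON template, leaving buckets that already declare a valid rule untouched. The function names and the sample template are constructed for illustration, and `BucketEncryption` is assumed to be written literally rather than through an intrinsic function.

```python
import copy
import json

# SSE-S3 rule, the same setting the post above injects.
DEFAULT_ENCRYPTION = {"ServerSideEncryptionConfiguration": [
    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}
VALID_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}

def has_default_encryption(resource):
    """True if every declared rule names a valid SSEAlgorithm (and one exists).
    Assumes BucketEncryption is a literal, not an intrinsic such as Fn::If."""
    props = resource.get("Properties") or {}
    rules = (props.get("BucketEncryption") or {}).get(
        "ServerSideEncryptionConfiguration") or []
    return bool(rules) and all(
        (rule.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm")
        in VALID_ALGORITHMS for rule in rules)

def enforce_bucket_encryption(template):
    """Return (patched copy, sorted logical IDs that had to be changed)."""
    patched = copy.deepcopy(template)
    changed = []
    for logical_id, resource in (patched.get("Resources") or {}).items():
        if resource.get("Type") != "AWS::S3::Bucket" or has_default_encryption(resource):
            continue
        props = resource.get("Properties") or {}
        props["BucketEncryption"] = copy.deepcopy(DEFAULT_ENCRYPTION)
        resource["Properties"] = props
        changed.append(logical_id)
    return patched, sorted(changed)

# Constructed sample template (not the F5 template).
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "S3Bucket": {"Type": "AWS::S3::Bucket", "Properties": {"AccessControl": "Private"}},
  "KmsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
      "ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
  "EmptyRuleBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
      "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {}}]}}},
  "Instance": {"Type": "AWS::EC2::Instance", "Properties": {}}
}}
""")

if __name__ == "__main__":
    patched, changed = enforce_bucket_encryption(SAMPLE_TEMPLATE)
    print("buckets patched:", changed)
    print(json.dumps(patched["Resources"]["S3Bucket"], indent=2))
```

The returned list of logical IDs can be logged by the deploy script so that any template arriving without default encryption is visible in the pipeline output.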

tmarfil commented 2 years ago

@shyawnkarim Customer request for enhancement to set the default encryption behavior for an S3 bucket so that all new objects are encrypted when they are stored in the bucket. More info: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html

shyawnkarim commented 2 years ago

Closing.

Encrypted buckets were added to our CSTv2 templates. Information can be found here.