awslabs / aws-servicebroker

AWS Service Broker
Apache License 2.0

Support S3 bucket encryption #102

Open abessifi opened 5 years ago

abessifi commented 5 years ago

User story

As an OpenShift/Kubernetes user, I want AWS Broker to support S3 bucket encryption so that the created S3 bucket is secured.

Describe the solution you'd like

Default behaviour: Encryption disabled. Type of encryption when enabled: Server-Side encryption AES-256.

Additional context

More about the feature: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html

abessifi commented 5 years ago

This can be done using a custom CloudFormation template, but it is better to include the encryption option in the default template with parameters. Example of a snippet config I've used:

[...]
Resources:
  S3bucket:
    Type: AWS::S3::Bucket
    Properties:
      [...]
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
[...]

JamesMGerstenberg commented 5 years ago

Any updates on this?

abessifi commented 5 years ago

Hi @JamesMGerstenberg, I don't have any idea if that bucket encryption option will be implemented soon or not, but anyway you can try the above solution by using a custom CF template.
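
The parameterized variant requested in this issue could look like the following custom CloudFormation template. This is an added example, not part of the original thread and not the broker's own template; the parameter name `EnableEncryption` and the condition name `EncryptionEnabled` are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: S3 bucket with opt-in default encryption (SSE-S3, AES256).

Parameters:
  # Hypothetical parameter name; not taken from the broker's default template.
  EnableEncryption:
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"   # matches the default requested in the issue: disabled
    Description: Enable default server-side encryption (AES256) on the bucket.

Conditions:
  # Hypothetical condition name; true only when the parameter is "true".
  EncryptionEnabled: !Equals [!Ref EnableEncryption, "true"]

Resources:
  S3bucket:
    Type: AWS::S3::Bucket
    Properties:
      # When the condition is false, AWS::NoValue drops the property entirely,
      # so the resource is declared as if BucketEncryption had never been set.
      BucketEncryption: !If
        - EncryptionEnabled
        - ServerSideEncryptionConfiguration:
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: AES256
        - !Ref AWS::NoValue

Outputs:
  BucketName:
    Description: Name of the created bucket.
    Value: !Ref S3bucket
```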