Skip to main content
Room Banner
Back to all walkthroughs
Room Icon

The Plain Bucket

Max room.

Learn to secure S3 data at rest by finding unencrypted buckets, fixing them, and building securely.

medium

45 min

0

User profile photo.
User profile photo.

To access material, start machines and answer questions login.

Access controls decide who can request your data. Encryption at provides extra protection in case credentials are compromised, permissions drift, or storage is exposed.

By default, encrypts all objects with SSE-, even if the bucket has no explicit bucket-level encryption. However, when dealing with compliance, you can use a customer-managed key, a separate decryption authorization, or a -backed key usage audit.

In this room, you will see how to add an extra layer of security for data at .

Learning Objectives

  • Understand the difference between SSE-, , and
  • How to identify what encryption type is applied to an bucket
  • Enable default on a bucket
  • Enforce operations

Prerequisites

Answer the questions below

Encryption is everywhere.