Unencrypted S3 bucket can lead to data leak

Severity	Exploitability	Providers	Categories
HIGH	HIGH	AWS	PERMISSION

Description

AWS S3 buckets should be encrypted to protect the data if accesses are compromised.

There are two types of server-side encryption for Amazon S3 buckets:

Server-Side Encryption with Amazon S3-managed keys (SSE-S3)
Server-Side Encryption with AWS Key Management Service keys (SSE-KMS)

There are no additional charges with SSE-S3. For SSE-KMS, AWS KMS charges apply. However, KMS are considered more secure since they provide more control to the customer and allow keys rotation.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	False	False	False

Misconfigured permissions or direct access to storage drives can lead to data leak.

Remediation guidelines

Enable the encryption by default of the bucket

References

Protecting data using server-side encryption
Setting default server-side encryption behavior for Amazon S3 buckets

Unencrypted S3 bucket can lead to data leak

Description

Impact

Remediation guidelines

References

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Unencrypted S3 bucket can lead to data leak

Description​

Impact​

Remediation guidelines​

References​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Impact

Remediation guidelines

References