How to enforce AWS server-side encryption on your Amazon backup bucket

Here are instructions for how to enforce AWS server-side encryption on your Amazon backup bucket:

Select a bucket and select “Properties” from the drop-down menu:
Select “Permissions,” then click “Edit bucket policy”:
The policy editor will open:

Enter a policy that will force all uploads to be encrypted. Here is an example of a policy that will force that all cloudHQ uploads to be encrypted (AWS will forbid any non-encyrpted uploads and cloudHQ will follow the rule):

{
      "Version" : "2012-10-17",
           "Id" : "PutObjPolicy",
    "Statement" : [
         {
                  "Sid" : "DenyIncorrectEncryptionHeader",
               "Effect" : "Deny",
            "Principal" : "*",
               "Action" : "s3:PutObject",
             "Resource" : "arn:aws:s3:::acme-backup-bucket/*",
            "Condition" : {
                "StringNotEquals" : {
                    "s3:x-amz-server-side-encryption" : "AES256"
                }
            }
        },
        {
                  "Sid" : "DenyUnEncryptedObjectUploads",
               "Effect" : "Deny",
            "Principal" : "*",
               "Action" : "s3:PutObject",
             "Resource" : "arn:aws:s3:::acme-backup-bucket/*",
            "Condition" : {
                "Null" : {
                    "s3:x-amz-server-side-encryption" : "true"
                }
            }
        }
    ]
}

“Amazon

IMPORTANT: Replace arn:aws:s3:::acme-backup-bucket with your bucket name

Related Articles

IT Admin: How to back up Google Workspace (G Suite)

IT Admin: How to migrate Microsoft 365 Sharepoint Document Library to Egnyte Shared Folder

IT Admin: How to migrate Office365 Sharepoint Document Library to Google Workspace Shared Drive

IT Admin: How to back up Microsoft 365 (Office 365)

IT admin: How to manage cloudHQ users

IT admin: How to add Google Workspace users to join your cloudHQ team (if you are Google Workspace admin)