https://aws.amazon.com/polly/ At AWS, security is https://aws.amazon.com/blogs/enterprise-strategy/security-at-aws/. Now, S3 automatically applies server-side encryption (SSE-S3) for each new object, unless you specify a different encryption option.

You can log data events for Amazon S3 buckets, AWS Lambda functions, Amazon DynamoDB tables, or a combination of those.

When Amazon S3 automatically encrypts an object using the default encryption settings, the log includes the following field as the name-value pair: "SSEApplied":"Default_SSE_S3".

https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html lets Amazon S3 perform the encryption and decryption of your objects while you retain control of the keys used to encrypt objects.

Related Articles