Data encryption in S3 on Outposts - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Data encryption in S3 on Outposts

By default, all data stored in Amazon S3 on Outposts is encrypted by using server-side encryption with Amazon S3 managed encryption keys (SSE-S3). For more information, see Using server-side encryption with Amazon S3-managed encryption keys (SSE-S3).

You can optionally use server-side encryption with customer-provided encryption keys (SSE-C). To use SSE-C, specify an encryption key as part of your object API requests. Server-side encryption encrypts only the object data, not the object metadata. For more information, see Using server-side encryption with customer-provided keys (SSE-C).

Note

S3 on Outposts doesn't support server-side encryption with Amazon Key Management Service (Amazon KMS) keys (SSE-KMS).