AWS Storage Services

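Enhancing S3 Bucket Security by Prohibiting Uploads of Unencrypted Objects

The bucket policy below denies every s3:PutObject request to the bucket unless the request sets x-amz-server-side-encryption to aws:kms and names the expected KMS key ARN in x-amz-server-side-encryption-aws-kms-key-id. Both statements use negated condition operators, which IAM also evaluates as true when the header is absent, so uploads that omit the headers and rely on the bucket's default encryption are rejected as well. The bucket name (my-secure-bucket), account ID, region and key ID are sample values to replace with your own.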

Updated June 22, 2025

{

"Version": "2012-10-17",

"Statement": [

{

  "Sid": "DenyIncorrectEncryptionHeader",

  "Effect": "Deny",

  "Principal": "*",

  "Action": "s3:PutObject",

  "Resource": "arn:aws:s3:::my-secure-bucket/*",

  "Condition": {

    "StringNotEquals": {

      "s3:x-amz-server-side-encryption": "aws:kms"

    }

  }

},

{

  "Sid": "DenyIncorrectKMSKey",

  "Effect": "Deny",

  "Principal": "*",

  "Action": "s3:PutObject",

  "Resource": "arn:aws:s3:::my-secure-bucket/*",

  "Condition": {

    "ArnNotEquals": {

      "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:us-east-1:123456789012:key/your-kms-key-id"

    }

  }

}

]

}