AWS S3 Encryption and Access Logs

Build on your AWS S3 skills by learning about S3 encryption and access logs.

Encryption in S3

We can encrypt our objects in S3, which is a third-party server. This fulfills compliance and security requirements in organizations that need an extra layer of security in case these servers are compromised. S3 offers four types of encryption, and understanding them is essential for the exam.

We can encrypt our objects in S3 using server-side encryption (SSE). S3 offers three types of SSE:

  • SSE-KMS: Server-side encryption using AWS KMS keys.
  • SSE-C: Server-side encryption using client-provided encryption keys.
  • SSE-S3: Server-side encryption using keys fully managed by S3.


  • S3 encrypts data using encryption keys in the AWS KMS service.
  • Users can manage their keys in KMS and use them for S3 encryption.
  • To encrypt data using SSE-KMS, we must set the header “x-amz-server-side-encryption”: “aws:kms”.

Get hands-on with 1200+ tech skills courses.