上传到 S3 的文件都必须加密

通过RCP要求比如生产账户里的存储桶的文件上传时都必须经过加密。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EnforceKMSEncryption",
            "Effect": "Deny",
            "Principal": "*",
            "Action": [
            	"s3:PutObject",
                "s3:ReplicateObject"
                ],
            "Resource": "*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption-aws-kms-key-id": "true"
                }
            }
        }
    ]
}

上一页增强网络防护边界下一页VPC端点策略(VPC endpoint policies)示例策略

最后更新于