How to make S3 bucket with CMK public?

Team, I have a use case to make an S3 bucket public that is encrypted with Customer Managed Key. For private buckets, we grant the principals access to the Key in KMS service, but how do i grant access to KMS key for all the public users. I tried Principal * and it didn't work. Any suggestions?

主题

安全、身份和合规性 AWS 架构完善的框架

标签

AWS 智能钥匙管理服务 AWS 身份和访问权限管理 AWS IAM 身份中心安全

语言

English

balajepalli

已提问 2 个月前327 查看次数

1 回答

最新
投票最多
评论最多

Accessing to objects encrypted with SSE-KMS requires IAM permission to decrypt. If you need to make the objects completely public, either don't use the default bucket encryption or use SSE-S3.

专家

AWS-User-alantam

已回答 2 个月前

专家

Sedat Salman

已审核 2 个月前

专家

Oleksii Bebych

已审核 2 个月前

专家

Mikel Del Tio

已审核 2 个月前

balajepalli
2 个月前
To be sure, you are saying if i have to make my objects public I can only use SSE-S3, right?
AWS-User-alantam 专家
2 个月前
yes, if you want to make the objects publicly available to everyone without authentication.

How to make S3 bucket with CMK public?

相关内容