User Guide (API Version 2015-07-09)

View Your Default Amazon S3 SSE-KMS Encryption Keys

When you use the Create Pipeline wizard to create your first pipeline, an Amazon S3 bucket is created for you in the same region you created the pipeline. The bucket is used to store pipeline artifacts. When a pipeline runs, artifacts are put into and retrieved from the Amazon S3 bucket. By default, CodePipeline uses server-side encryption with the AWS KMS-managed keys (SSE-KMS) using the default key for Amazon S3 (the aws/s3 key). This key is created and stored in your AWS account. When artifacts are retrieved from the Amazon S3 bucket, CodePipeline uses the same SSE-KMS process to decrypt the artifact.

To view information about your default AWS KMS key, do the following:

  1. Sign in to the AWS Management Console and open the IAM console at

  2. In the service navigation pane, choose Encryption Keys. (If a welcome page appears, choose Get Started Now.)

  3. In Filter, choose the region for your pipeline. For example, if the pipeline was created in us-east-2, make sure the filter is set to US East (Ohio).

    For more information about the regions and endpoints available for CodePipeline, see Regions and Endpoints.

  4. In the list of encryption keys, choose the key with the alias used for your pipeline (by default, aws/s3). Basic information about the key will be displayed.