Encrypt objects stored by File Gateway in Amazon S3

S3 File Gateway supports the following methods of server-side encryption for the data that it stores in Amazon S3:

  • SSE-S3 — By default, all new objects uploaded to Amazon S3 buckets use server-side encryption with Amazon S3 managed keys. For more information, see Using server-side encryption with Amazon S3 managed keys in the Amazon Simple Storage Service User Guide.

  • SSE-KMS — You can configure your file share to use server-side encryption with AWS Key Management Service (AWS KMS) managed keys. AWS KMS is a service that combines secure, highly available hardware and software to provide a key management system scaled for the cloud. For more information, see What is AWS Key Management Service? in the AWS Key Management Service Developer Guide.

  • DSSE-KMS — Dual-layer server-side encryption with AWS KMS keys applies two layers of encryption to objects when they are uploaded to Amazon S3. This helps fulfill compliance standards for multilayer encryption. For more information, see Using dual-layer server-side encryption with AWS KMS keys in the Amazon Simple Storage Service User Guide.

    Note

    There are additional charges for using DSSE-KMS and AWS KMS keys. For more information, see AWS KMS pricing.

You can specify an encryption method when you create a new file share by using the Storage Gateway console or the Storage Gateway API. For console procedures, see Create an NFS file share with a custom configuration or Create an SMB file share with a custom configuration. For information about the corresponding API commands, see CreateNFSFileShare or CreateSMBFileShare in the AWS Storage Gateway API Reference.

You can also update encryption settings for an existing file share by using the Storage Gateway console or the Storage Gateway API. For the console procedure, see Change the server-side encryption method for an existing file share. For information about the corresponding API commands, see UpdateNFSFileShare or UpdateSMBFileShare in the AWS Storage Gateway API Reference.

Note

After you update the encryption method, the gateway uses the new method for all new objects it creates in Amazon S3 and for any stored objects that it updates or modifies in the future. Existing Amazon S3 objects will only receive the new encryption method if they are updated or modified by the gateway.

Important

Make sure that your file share uses the same encryption type as the Amazon S3 bucket where it stores your data.

If you configure your File Gateway to use SSE-KMS or DSSE-KMS for encryption, you must manually add kms:Encrypt, kms:Decrypt, kms:ReEncrypt*, kms:GenerateDataKey, and kms:DescribeKey permissions to the IAM role associated with the file share. For more information, see Using Identity-Based Policies (IAM Policies) for Storage Gateway.
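
The following is an added example, not code from the AWS documentation: a pre-deployment check that reports which of the KMS permissions listed above are missing from a file share role's identity policy for a given key. The function names, key ARN, account ID, and bucket name are assumptions made for illustration, and the evaluation is deliberately simplified as described in the docstring.

```python
import re

# Concrete actions behind the permissions the page lists; kms:ReEncrypt*
# covers kms:ReEncryptFrom and kms:ReEncryptTo.
REQUIRED = ["kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom",
            "kms:ReEncryptTo", "kms:GenerateDataKey", "kms:DescribeKey"]

def as_list(value):
    """IAM allows a single string or dict where a list is expected."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style match: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def missing_kms_actions(policy, key_arn):
    """Return the required KMS actions that no Allow statement grants on key_arn.

    Simplification: only unconditional Allow statements using Action/Resource
    are counted; Deny statements, Condition blocks, NotAction/NotResource and
    the KMS key policy itself are not evaluated.
    """
    granted = set()
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if not any(wildcard_match(r, key_arn) for r in as_list(stmt.get("Resource"))):
            continue
        for pattern in as_list(stmt.get("Action")):
            # Action names are case-insensitive in IAM.
            granted.update(a for a in REQUIRED if wildcard_match(pattern, a, True))
    return [a for a in REQUIRED if a not in granted]

# Constructed sample: placeholder account, key ID and bucket name.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Resource": KEY_ARN,
         "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:DescribeKey"]},
    ],
}

if __name__ == "__main__":
    print(missing_kms_actions(SAMPLE_POLICY, KEY_ARN))
```

An empty list means the identity policy covers every listed permission for that key; the KMS key policy must still allow the role to use the key.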

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.