<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3990729&amp;fmt=gif">

Technology - HIPAA - Mon Oct 5 2020

How to Enable Encryption on AWS S3 bucket

Following with our HIPAA recommendations, another step we need to do on our cloud infrastructure to secure our data for HIPAA is data at rest encryption.

In case you are using AWS S3 buckets to store PHI data, follow the instructions below to have that data encrypted.

Process to encrypt data


  1. Login to AWS management console and go to S3 section
  2. Choose the bucket that corresponds to your application


  1. Go to properties → Default encryption
  2. Choose AES-256

Default encryption option AES-256

  1. Save

Enabling default encryption doesn’t change the encryption of objects that are already in the bucket. After you enable default encryption, the encryption that you set applies only to future uploads. For example, if you enable server-side encryption with AWS KMS (SSE-KMS) on the bucket, then any unencrypted objects already in the bucket remain unencrypted. Additionally, any objects already encrypted using Amazon S3-managed keys (SSE-S3) remain encrypted with SSE-S3.

To change the encryption of an existing object to SSE-KMS, you must re-upload the object. Or, you can copy the object over itself.

Using CLI the command to encrypt all existent objects would be something like this:

aws s3 cp s3://bucket-name/ s3://bucket-name/ — recursive — sse

How to prepare for an interview with a US company

More on Technology - HIPAA

Fabricio Pautasso

Lead Engineer
I’m interested in challenging projects that allows me to work with emerging technologies.

Our latest posts straight to your inbox: