Posted On: Jul 23, 2019
Customers in Amazon Web Services China (Beijing) region operated by Sinnet and Amazon Web Services China (Ningxia) region operated by NWCD can now use Server-Side Encryption with Amazon KMS-Managed Keys (SSE-KMS) to encrypt their data at rest in Amazon S3.
With Server-Side Encryption, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. SSE-KMS is one among three mutually exclusive options available to you depending on how you choose to manage the encryption keys.
With SSE-KMS, each object is encrypted with a unique key. There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption key) that provides added protection against unauthorized access of your objects in Amazon S3. SSE-KMS also provides you with an audit trail of when your key was used and by whom. Additionally, you have the option to create and manage encryption keys yourself, or use a default key that is unique to you, the service you're using, and the Region you're working in.
For more information, see Protecting Data Using Server-Side Encryption with Amazon KMS–Managed Keys (SSE-KMS) in the Amazon S3 Developer Guide. For more information on Amazon KMS, see What is Amazon Key Management Service? in the Amazon Key Management Service Developer Guide. There are additional charges for using Amazon KMS keys. For more information, see Amazon Key Management Service Pricing.