Severity: High
Description: This control ensures that "ServerSideEncryptionConfiguration" exists for a bucket. Configuring SSE for a bucket ensures that data stored in S3 bucket is encrypted at rest.
Remediation Steps:
Perform following to update S3 bucket public access :
Login to the AWS Management Console at https://console.aws.amazon.com.
Navigate to s3 console.
In the navigation pane, select buckets.
Click on the bucket to be modified, click Properties.
Choose Default encryption.
Choose AES-256 or AWS-KMS.
Choose Save.
Important:
Enabling default encryption may require an update in bucket policy. If AWS KMS option is used for default encryption configuration, it is subjected to the RPS limits of AWS KMS.
Setting Default Encryption (SSE) for an existing bucket does not encrypt existing objects in the bucket.
Reference: