Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Cannot change "default encryption settings"

qna87 wrote:

What if the "default encryption settings" for the S3 bucket is not something I have control over changing? How can I set WinSCP to do AES 256 encryption on an S3 bucket where I have access to upload files, but only if I can set the server side encryption on the client side?

Your other post:
https://winscp.net/forum/viewtopic.php?t=27957
qna87

Cannot change "default encryption settings"

What if the "default encryption settings" for the S3 bucket is not something I have control over changing? How can I set WinSCP to do AES 256 encryption on an S3 bucket where I have access to upload files, but only if I can set the server side encryption on the client side?
martin

Thanks for your feedback.
Rinaldo

Thanks Martin, that's fixed it.
martin

Re: Upload failure to S3 bucket with server-side encryption

OK, I've read more about this.

Do I understand right that your bucket relies on a client to ask for object encryption using x-amz-server-side-encryption header? And it has a policy to rejects any uploads that doesn't have the header set. Is that correct?
https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/

While, what I did is that I've set default encryption setting for my bucket. With that setting, client (WinSCP) does not need to do anything special. All stored/uploaded files are encrypted by default.

The "default encryption settings" seems like a better option for your needs. It was added only a year ago, so it may be why your bucket is using the "old" method.
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
Rinaldo

Re: Upload failure to S3 bucket with server-side encryption

martin wrote:

I have created a new bucket with AES-256 encryption. And I had no problems with uploading files to the bucket using an account with AmazonS3FullAccess policy.


Thanks for looking into this Martin. I'm still having problems with upload. My winSCP version is 5.13.5. Are there any special settings you need to set in winSCP to use server-side encryption? In particular, to use S3 server-side encryption, the HTTP header must have:
x-amz-server-side-encryption = AES256

Thanks,
Rinaldo
martin

Re: Upload failure to S3 bucket with server-side encryption

I have created a new bucket with AES-256 encryption. And I had no problems with uploading files to the bucket using an account with AmazonS3FullAccess policy.
Rinaldo

Upload failure to S3 bucket with server-side encryption

I have an S3 bucket with server-side encryption enabled.
I can successfully use winSCP to connect to the bucket and download files. However I get an 'Access Denied' error if I try and upload files.

Is upload to a server-side encrypted S3 bucket supported by winSCP?