Encrypting AWS S3 Bucket

The XKS proxy acts as a controllable kill switch.When you deactivate the XKS proxy, all ongoing encryption and decryption operations using XKS keys will cease.

However, AWS services that have already loaded a data key into memory for a resource will continue to function until you deactivate the resource or the service key cache expires. For example, Amazon S3 retains cached data keys for a short period when bucket keys are enabled.

S3 Bucket Key Configuration with SSE-KMS

For more information, refer to the AWS documentation.

You might be interested in

• Getting Started with XKS Proxy for AWS
• AWS Bring Your Own Key (BYOK)