Enabling AWS KMS Encryption for S3 Cloud Storage

AWS Key Management Service (KMS) is an Amazon web service that uses customer master keys to encrypt files uploaded to S3 cloud storage. To configure S3 server-side encryption (SSE) with KMS, you must meet the following prerequisites:
  • Your Aspera transfer server must be version 3.6.1 or later.
  • Your server must be located in the same region as your S3 bucket.
  • You must have root access to your Aspera server to edit its configuration and restart services.
  • You have decided whether to use the default KMS key or a specific one.
    Note: To use a specific key, you need access to your AWS console to create a key using the AWS IAM role console. For instructions on creating keys for KMS, see AWS Key Management Service Developer Guide: Creating Keys at https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html.
Follow the instructions below to:
  1. Configure S3 SSE with KMS systemwide or on a user-by-user basis through individual docroots.
  2. Verify that transferred files are properly encrypted.