Search code examples
encryptionamazon-web-servicesamazon-s3filepicker.io

Filepicker.io with S3 encryption

I'm using Filepicker.io, hooked up to my own S3 bucket. I'd like to enable server-side encryption on all new files uploaded to the bucket.

I followed these instructions http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html to add a bucket policy which requires that all new objects be encrypted (of course replacing "YourBucket" with my actual bucket name):

{
   "Version":"2012-10-17",
   "Id":"PutObjPolicy",
   "Statement":[{
         "Sid":"DenyUnEncryptedObjectUploads",
         "Effect":"Deny",
         "Principal":"*",
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::YourBucket/*",
         "Condition":{
            "StringNotEquals":{
               "s3:x-amz-server-side-encryption":"AES256"
            }
         }
      }
   ]
}

I then checked "S3 Encryption" in Filepicker's "Amazon S3 Configuration" section:

S3 Encryption checked

But "Test S3 settings" fails:

Test S3 settings failure

Note that the test succeeds when the bucket policy is removed.

Solution

  • I received this answer from Filepicker customer support:

    Hi, Looks like our test in dev portal does not deal properly with encryption option. However your files should be saved properly anyway. Can you please make some tests? Thanks,

    Filepikcer Tech Team

    And sure enough, it actually all seems to work as expected. So it seems that the "Test S3 settings" feature is buggy, but S3 encryption works everywhere else.