The document presents a discussion by Jimmy Dahlqvist on encrypting data in Amazon S3 using AWS Step Functions. It outlines the problem of server-side encryption compliance and provides a solution utilizing AWS S3's default encryption with SSE-KMS alongside Step Functions for managing encryption of both existing and new objects. The session also covers potential challenges, including limitations of the S3 SDK for copying large objects.

1. JIMMY DAHLQVIST | 2024-03-14
Encrypting data in S3 with
StepFunctions

2. @jimmydahlqvist
Todays agenda
• The problem
• StepFunctions
• Gotchas
• Build It!

3. @jimmydahlqvist
JIMMY DAHLQVIST
Serverless enthusiast
AWS Ambassador & AWS Community Builder & User Group Leader
Founder of serverless-handbook.com
Head of AWS @ Sigma Technology Cloud
§

4. @jimmydahlqvist
Problem
• Server-side encryption with Amazon S3 managed keys (SSE-S3)
• Thousands of objects
• New compliance requirement
• SSE-KMS (Customer managed keys)
• Encrypt existing and new objects

5. @jimmydahlqvist
Solution
• AWS S3 default encryption SSE-KMS
• Alternative set a bucket policy
• AWS StepFunctions to the rescue
• No-Code / Low-Code solution

7. @jimmydahlqvist
StepFunctions
• Distributed Map State
• Loop over all objects
• S3 integration, copy object
• Choice To check encryption

8. @jimmydahlqvist
Service / SDK integrations
• 15+ service integrations
• 200+ SDK integrations

9. @jimmydahlqvist
StepFunction

10. @jimmydahlqvist
StepFunction

11. @jimmydahlqvist
StepFunction

12. @jimmydahlqvist
StepFunction

13. @jimmydahlqvist
StepFunction

14. @jimmydahlqvist
StepFunction

15. @jimmydahlqvist
Gotchas
• S3 SDK copy support objects up to 5GB in size

16. Build It

17. @jimmydahlqvist
B
B
@jimmydahlqvist
dahlqvistjimmy
https://serverless-handbook.com
https://jimmydqv.com
THANK YOU