Server side encryption with S3 (SSE-S3) is the easiest way to encrypt data at rest on S3. This is the recommended option when using encryption.
Configure a user with
addsftpuser. When presented with encryption options, choose
Files transferred to the user's uploads directory will be encrypted with SSE-S3. These files will still be readable from the AWS console.
You will need to use the AWS CLI if you want to encrypt files with SSE-S3 in other S3 locations, such as:
This is the syntax to use:
aws s3api put-object \ --body file.txt \ --bucket sftpgateway-i-0123456789abcde \ --key testuser/downloads/file.txt \ --server-side-encryption AES256