S-Drive Authentication Settings

On this page you can see your bucket name and File Upload Encryption setting and update/re-authenticate your credentials, including changing your bucket or file encryption type. You can also block public access to your bucket, and access your portal account.

Bucket Name Amazon bucket name used for S-Drive is displayed here.

File Upload Encryption Type Encryption used when files are uploaded to your S3 bucket. This can be the same type of encryption as configured in AWS for your bucket (see Configuring Encryption below) or can be different, which will override the setting in your bucket. You can also choose to use the same encryption as the bucket. The Encryption options are:

  • S3-Managed Keys (SSE-S3) (default)

  • AWS Key Managment Service (SSE-KMS)

  • Use same encryption as S3 bucket (not recommended if bucket is not encrypted)

Update Amazon S3 Credentials (Access Key, Secret Key) and Bucket Name You can display and update your Amazon S3 credentials and bucket name. See GETTING SET UP - AWS and Portal Accounts for more details.

Block Bucket Public Access If you created new a new S3 bucket during the first S-Drive configuration, your bucket is public by default. To change the S3 bucket access settings to private, click on this button.

S-Drive Account, Usage and Billing Information You can access your S-Drive portal account for account, usage and billing information.

 

Configuring Encryption

When files are uploaded to S-Drive and stored in your AWS bucket, they may be encrypted depending on your configuration. There are 2 parts to configuring how files will be encrypted, described as follows:

S3 Bucket Encryption

In AWS, you can choose the encryption method for your bucket. See Setting default server-side encryption behavior for Amazon S3 buckets for more information. The options are

  • Disable (no encryption is enabled on the bucket)

  • Enable - Amazon S3 Key (SSE-S3)

  • Enable - AWS Key Management Service key (SSE-KMS).

For SSE-KMS, only AWS managed key will work with S-Drive.

 

S-Drive File Upload Encryption

This setting determines how files will be encrypted when uploaded. The Upload File Encryption Type does not have to match your Bucket Encryption.

The options are

  • S3-Managed Keys (SSE-S3)

  • AWS Key Management Service (SSE-KMS)

  • Use same encryption as S3 Bucket - this setting uploads files with the encryption type configured on your S3 bucket

If your bucket encryption is disabled (no encryption) and you choose “Use same encryption as S3 Bucket, your files will not be encrypted.

This table shows what encryption method is used for each combination of settings. The S-Drive File Upload Encryption Type overrides the bucket encryption unless the S-Drive setting is “use same encryption as S3 bucket)

Bucket Encryption

S-Drive Configuration

Disable

Enable/Amazon S3 Key (SSE-S3)

Enable/AWS Key Management Service key (SSE-KMS)

Bucket Encryption

S-Drive Configuration

Disable

Enable/Amazon S3 Key (SSE-S3)

Enable/AWS Key Management Service key (SSE-KMS)

S3-Managed Keys (SSE-S3)

SSE-S3

SSE-S3

SSE-S3

AWS Key Management Service (SSE-KMS)

SSE-KMS

SSE-KMS

SSE-KMS

Use same encryption as S3 Bucket

No Encryption

SSE-S3

SSE-KMS

If you are upgrading from a previous version, check that the custom setting for this configuration has been created:

  • Go to Setup-->Custom Settings

  • Click Manage next to SDriveConfig

  • See if there is a setting for S3EncryptionType. It should be set to AES256. This is the value that corresponds to SSE-S3 and is the default value for S-Drive Configuration

  • If there is no custom setting called S3EncryptionType, create it:

    • From the page with the list of settings (after you clicked Manage), click New at the top

    • Under Name, enter S3EncryptionType

    • Under Value, enter AES256

  • Once this value is set, you can change it if needed by going to the S-Drive Configuration page shown above