AWS S3 Encryption

Enterprise design
Project Overview
DSSE-KMS (Dual-Layered Server-Side Encryption with AWS Key Management Service) in Amazon S3 is an encryption method that provides double encryption for added security. With DSSE-KMS, data stored in S3 is encrypted using two independent layers of encryption, both managed by AWS KMS, each with a distinct encryption key.
Team
1 UX designer (Myself)
1 UX writer
3 Engineers
1 PM
Related Link
Discover

What is Amazon S3?

Amazon S3 (Simple Storage Service) is a scalable cloud storage service provided by Amazon Web Services, designed for storing and retrieving any amount of data from anywhere on the web.

What is the problem?

Currently data stored in S3 has only a single layer of encryption, which could leave it more vulnerable if the encryption key is compromised. This may also impact industries with strict data security requirements—like finance, healthcare, or government—where dual-layered encryption is often necessary to ensure data integrity and mitigate risk.

Who is the target user?

What is the solution?

To address the user's needs, we introduced DSSE-KMS(dual-layer server-side encryption with keys stored in AWS Key Management Service). This solution allows users to leverage a single platform for secure encryption, simplifying the process while ensuring compliance requirements are easily met.

Design

Configuration

Added DSSE under Encryption type and updated the following options.

Show Destination details

Since we added DSSE to the bucket creation flow, the destination feature should include DSSE information.

Read-only view

Updated the read-only view after creation or update.

After launching

Impact

  • Financial institutions, healthcare providers, and government agencies are able to adopt the DSSE-KMS feature, though the name is confidential.
  • The S3 console, which consists of over 100 screens, now includes DSSE features across 9 key functionalities, such as bucket creation, data upload, copying, and replication.
  • This enhancement supports the Department of Defense's JWCC contract, a critical initiative valued at approximately $10 billion.