fix(aws): block SSE-C and disable bucket keys on S3 buckets#176

Open
rhefner1 wants to merge 1 commit into master from fix/s3-block-sse-c-encryption
@rhefner1

Member

What

Tightens the server-side encryption configuration on the AWS S3 buckets (both the main buckets set and the starrocks bucket):

  • blocked_encryption_types = ["SSE-C"] — reject customer-provided-key (SSE-C) uploads.
  • bucket_key_enabled = false — do not use S3 bucket keys.

AES256 SSE remains the only accepted encryption. Isolated change to aws/s3.tf.

🤖 Generated with Claude Code

Harden the server-side encryption config on both the main and StarRocks
buckets: reject SSE-C uploads (blocked_encryption_types) and disable S3
bucket keys, keeping AES256 SSE the only accepted encryption.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
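
A CI-side check for the two settings this PR introduces, as an added example that is not part of the PR or the repository. It audits `terraform show -json` plan output and assumes `blocked_encryption_types` sits in the same `rule` block as `bucket_key_enabled`; the sample plan and its resource addresses are constructed.

```python
"""Audit `terraform show -json` output for the S3 SSE settings in this PR."""
SSE_TYPE = "aws_s3_bucket_server_side_encryption_configuration"

def sample_rule(algo, bucket_key, blocked):
    # Builds one constructed `rule` block for the sample plan below.
    return {"apply_server_side_encryption_by_default": [{"sse_algorithm": algo}],
            "bucket_key_enabled": bucket_key, "blocked_encryption_types": blocked}

# Constructed sample; addresses are hypothetical, not taken from aws/s3.tf.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": f"{SSE_TYPE}.main", "type": SSE_TYPE,
         "values": {"rule": [sample_rule("AES256", False, ["SSE-C"])]}},
        {"address": "aws_s3_bucket.main", "type": "aws_s3_bucket", "values": {}},
    ],
    "child_modules": [{"resources": [
        {"address": f"module.x.{SSE_TYPE}.starrocks", "type": SSE_TYPE,
         "values": {"rule": [sample_rule("AES256", True, None)]}},
    ]}],
}}}

def iter_resources(module):
    # Walk the root module and every nested child module.
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_rule(rule):
    problems = []
    if "SSE-C" not in (rule.get("blocked_encryption_types") or []):
        problems.append("SSE-C not blocked")
    # An unset (null) value is flagged too: the PR sets it to false explicitly.
    if rule.get("bucket_key_enabled") is not False:
        problems.append("bucket_key_enabled is not false")
    defaults = rule.get("apply_server_side_encryption_by_default") or []
    if {d.get("sse_algorithm") for d in defaults} != {"AES256"}:
        problems.append("default sse_algorithm is not AES256")
    return problems

def audit_plan(plan):
    """Return {resource address: [problems]} for non-compliant SSE configs."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != SSE_TYPE:
            continue
        rules = res.get("values", {}).get("rule") or []
        problems = [p for r in rules for p in check_rule(r)] or (
            [] if rules else ["no encryption rule"])
        if problems:
            findings[res["address"]] = problems
    return findings
```
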