Amazon Web Services (AWS) - Remove S3 Bucket Encryption using the AWS CLI

by
Jeremy Canfield |
Updated: March 23 2024
| Amazon Web Services (AWS) articles
This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.
An S3 Bucket is similar to an NFS share in that it is a mountable storage volume.
The aws s3api list-buckets command can be used to list your S3 buckets.
~]$ aws s3api list-buckets
{
"Buckets": [
{
"Name": "my-bucket-abcdefg",
"CreationDate": "2023-06-02T02:22:19+00:00"
}
],
"Owner": {
"DisplayName": "john.doe",
"ID": "ab0e0a41234567893a77c82240d5abcdc41ff11c123456789c777a5123443743"
}
}
The s3api get-bucket-encryption command can be used to determine if an S3 Bucket has encryption enabled, and if so, to list the encryption algorithm, such as AES256.
~]$ aws s3api get-bucket-encryption --bucket my-bucket-abcdefg
{
"ServerSideEncryptionConfiguration": {
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
},
"BucketKeyEnabled": true
}
]
}
}
The aws s3api delete-bucket-encryption command can remove encryption from the S3 Bucket.
aws s3api delete-bucket-encryption --bucket my-bucket-abcdefg
Now the s3api get-bucket-encryption command should have "BucketKeyEnabled": false.
~]$ aws s3api get-bucket-encryption --bucket my-bucket-abcdefg
{
"ServerSideEncryptionConfiguration": {
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
},
"BucketKeyEnabled": true
}
]
}
}
Did you find this article helpful?
If so, consider buying me a coffee over at