AWS | S3 Bucket keys

Vinodhini Chockalingam
1 min read · Dec 30, 2020

AWS announced S3 Bucket Keys, which reduce the number of calls to KMS (Key Management Service) when objects in S3 are encrypted or decrypted. If you have used S3 as a data lake, you know how big the savings are!

Take a look at the announcement here

However, the official documentation does not dig deep into the following:

  • The bucketKeyEnabled option can be set at the bucket level.
  • For cases where you cannot have a single encryption key for the entire bucket, you generally set the encryption key per object in S3. The bucketKeyEnabled option can be set at the object level too. Note also that S3 places no limit on how many objects in a bucket use this option.

For more details on the S3 access pattern, the KMS limit issue when using S3 as a data lake, and measuring calls from S3 to KMS using CloudTrail, refer to the README here.
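As an added example (not code from this post or the linked README), the sketch below counts KMS data-key calls made on behalf of S3 in CloudTrail records and separates object-scoped from bucket-scoped encryption contexts. It relies on the AWS-documented behaviour that once an S3 Bucket Key is in use, KMS events log the bucket ARN instead of the object ARN in `aws:s3:arn`; the sample events, bucket names and the `s3_kms_calls` helper are constructed for illustration.

```python
import json
from collections import Counter

# Constructed CloudTrail records, trimmed to the fields this example reads.
# Bucket names, object keys and the key alias are made up.
SAMPLE_EVENTS = json.loads("""[
 {"eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey",
  "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::lake-raw/2020/12/a.parquet"}}},
 {"eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey",
  "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::lake-raw/2020/12/b.parquet"}}},
 {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
  "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::lake-raw/2020/12/a.parquet"}}},
 {"eventSource": "kms.amazonaws.com", "eventName": "GenerateDataKey",
  "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::lake-curated"}}},
 {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
  "requestParameters": {"encryptionContext": {"app": "billing"}}},
 {"eventSource": "kms.amazonaws.com", "eventName": "DescribeKey",
  "requestParameters": {"keyId": "alias/example"}},
 {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
  "requestParameters": {"bucketName": "lake-raw"}}
]""")

KMS_DATA_KEY_EVENTS = {"GenerateDataKey", "Decrypt"}


def s3_kms_calls(events):
    """Count KMS data-key calls made for S3, per (bucket, event name, scope).

    Scope is "object" when the encryption context names an object ARN and
    "bucket" when it names only the bucket, which is what KMS logs once an
    S3 Bucket Key is in use.
    """
    counts = Counter()
    for event in events:
        if event.get("eventSource") != "kms.amazonaws.com":
            continue
        if event.get("eventName") not in KMS_DATA_KEY_EVENTS:
            continue
        context = (event.get("requestParameters") or {}).get("encryptionContext") or {}
        _, sep, resource = context.get("aws:s3:arn", "").partition(":::")
        if not sep:
            continue  # KMS call was not made on behalf of S3
        bucket, _, key = resource.partition("/")
        counts[(bucket, event["eventName"], "object" if key else "bucket")] += 1
    return counts


if __name__ == "__main__":
    for (bucket, name, scope), n in sorted(s3_kms_calls(SAMPLE_EVENTS).items()):
        print(f"{bucket:14} {name:16} context={scope:7} calls={n}")
```

The same shift matters for access control: IAM or KMS key policy conditions that match the object ARN in the encryption context need to match the bucket ARN once Bucket Keys are enabled.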
