Use the procedures in this section to encrypt your AWS S3 buckets using AWS Key Management Service (AWS KMS).
We recommend that you use AWS KMS to encrypt your S3 buckets used with Carbon Black Cloud Data Forwarder. Using server-side encryption (SSE) with AWS KMS means that if the S3 bucket is accidentally opened up to the world, only those with the customer managed key (CMK) can decrypt files stored in the AWS KMS encrypted bucket.
Note: SSE-KMS provides an audit trail that shows when a CMK was used and by whom.
Important: Each key policy is effective only in the Region that hosts the KMS key. Cross-Region is not possible between Data Forwarder and S3 bucket.
KMS and Integrations
When integrating with an application such as Splunk to pull data out of the bucket, you must also grant sufficient access to the (Bucket, KMS key) for the integration's User or Role to retrieve unencrypted data from the bucket.