AWS AmazonS3 documentation change
Summary
Added new section 'Listing objects that aren't encrypted' with example query to detect unencrypted objects
Security assessment
Adds documentation about identifying unencrypted objects, which supports security best practices but does not address a specific vulnerability.
Diff
diff --git a/AmazonS3/latest/userguide/metadata-tables-example-queries.md b/AmazonS3/latest/userguide/metadata-tables-example-queries.md index 5944e99b0..97a769bcc 100644 --- a//AmazonS3/latest/userguide/metadata-tables-example-queries.md +++ b//AmazonS3/latest/userguide/metadata-tables-example-queries.md @@ -49,0 +50,2 @@ Remember when using these examples: + * [Listing objects that aren't encrypted](./metadata-tables-example-queries.html#metadata-tables-example-query-objects-not-encrypted) + @@ -209,0 +212,9 @@ The following query returns objects that aren't encrypted with SSE-KMS: +### Listing objects that aren't encrypted + +The following query returns objects that aren't encrypted: + + + SELECT bucket, key, version_id + FROM "s3tablescatalog/aws-s3"."b_general-purpose-bucket-name"."inventory" + WHERE encryption_status IS NULL; +