In terms of server-side encryption, Heap currently supports only the Amazon S3-managed keys (SSE-S3) encryption key type. Buckets using the AWS Key Management Service key (SSE-KMS) encryption key type are not currently supported.
No additional user/role in S3 is required.
For instructions on how to edit your bucket’s default encryption, please see AWS’ documentation.
![](https://help.heap.io/wp-content/uploads/2023/03/connect-s3-1024x584.png)
This information is specific to Heap’s integration with Amazon S3. To learn more, see our guide S3 Integration.