Using Presigned URL to Upload Objects to S3 With Encryption

Publish Date: Aug 1, 2025

Task

GOAL

Upload objects to S3 with encryption (AES256/KMS) using the created presigned URL.

Steps

1. A Mule application uses S3 connector to generate a presigned URL. Please set the method to PUT (default) and encryption to AES256/KMS. The below example uses AES256.

User-added image

2. Deploy the Mule application and trigger it to retrieve the presigned URL.

Sample response for presigned URL:

https://ah-bucket-1.s3.ap-southeast-2.amazonaws.com/ah-bucket-test-2?X-Amz-Security-Token=...

3. To upload with no encryption, send a PUT request to the presigned URL.

> curl -L -X PUT <presigned_url> \
--data 'payload'

When using encryption, additional headers are required.

For AES256:

curl -L -X PUT <presigned_url> \
-H "x-amz-server-side-encryption: AES256" \
--data 'payload'

For KMS:

curl -L -X PUT <presigned_url> \
-H "x-amz-server-side-encryption: aws:kms" \
--data 'payload'

External Resources

Specifying the AWS Key Management Service in Amazon S3 Using the REST API

Knowledge Article Number

001116011

Did this article solve your issue?

Let us know so we can improve!

Using Presigned URL to Upload Objects to S3 With Encryption

GOAL

External Resources

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List