Exam AWS-SysOps topic 1 question 261 discussion

Exam question from Amazon's AWS-SysOps
Question #: 261
Topic #: 1

A storage admin wants to encrypt all the objects stored in S3 using server side encryption. The user does not want to use the AES 256 encryption key provided by S3. How can the user achieve this?

  • A. The admin should upload his secret key to the AWS console and let S3 decrypt the objects
  • B. The admin should use CLI or API to upload the encryption key to the S3 bucket. When making a call to the S3 API mention the encryption key URL in each request
  • C. S3 does not support client supplied encryption keys for server side encryption
  • D. The admin should send the keys and encryption algorithm with each API call
Suggested Answer: D
AWS S3 supports client-side or server-side encryption to encrypt all data at rest. Server-side encryption can use either the S3-supplied AES-256 encryption key or a key that the user sends along with each API call. Amazon S3 never stores the user's encryption key; the user has to supply it for each encryption or decryption call.
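What "send the keys and encryption algorithm with each API call" looks like on the wire, as an added example that is not part of the original page: the three SSE-C request headers S3 expects, plus a local sanity check of them. The function names and the sample key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Header names S3 uses for server-side encryption with customer-provided keys.
ALGO_HDR = "x-amz-server-side-encryption-customer-algorithm"
KEY_HDR = "x-amz-server-side-encryption-customer-key"
MD5_HDR = "x-amz-server-side-encryption-customer-key-MD5"


def sse_c_headers(key: bytes) -> dict:
    """Build the headers that must accompany every PUT, GET and HEAD of the object."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    return {
        ALGO_HDR: "AES256",
        KEY_HDR: base64.b64encode(key).decode(),
        # The MD5 is a transmission integrity check on the key, not a secret.
        MD5_HDR: base64.b64encode(hashlib.md5(key).digest()).decode(),
    }


def validate_sse_c(headers: dict) -> bytes:
    """Hypothetical pre-flight check: return the raw key if the headers are consistent."""
    missing = [h for h in (ALGO_HDR, KEY_HDR, MD5_HDR) if h not in headers]
    if missing:
        raise ValueError(f"missing SSE-C headers: {missing}")
    if headers[ALGO_HDR] != "AES256":
        raise ValueError("algorithm must be AES256")
    key = base64.b64decode(headers[KEY_HDR], validate=True)
    if len(key) != 32:
        raise ValueError("decoded key is not 32 bytes")
    expected = base64.b64encode(hashlib.md5(key).digest()).decode()
    if not hmac.compare_digest(expected, headers[MD5_HDR]):
        raise ValueError("key MD5 does not match the supplied key")
    return key


# Constructed sample key for the demo; a real key comes from a CSPRNG
# (for example os.urandom(32)) and is kept in the caller's own key store.
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    for name, value in sse_c_headers(SAMPLE_KEY).items():
        print(f"{name}: {value}")
```

Because S3 does not keep the key, losing it means losing the object, and the same headers have to be presented again on every read.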

Comments

albert_kuo
8 months, 3 weeks ago
Selected Answer: D
If the user wants to provide their own encryption keys for server-side encryption (SSE-C), they can achieve this by encrypting the data using their encryption key locally and then sending the encrypted data to Amazon S3 along with the necessary encryption information (keys and algorithm) in each API call. This way, the user maintains control over the encryption keys and the encryption process.
upvoted 1 times
...
awscertified
2 years, 6 months ago
D. The admin should send the keys and encryption algorithm with each API call
upvoted 1 times
...
karmaah
2 years, 7 months ago
Does Ans D say SSE-C or SDK self-managed key? https://cloudonaut.io/encrypting-sensitive-data-stored-on-s3/#:~:targetText=SSE%2DKMS%20is%20very%20similar,service%20and%20not%20by%20S3.&targetText=The%20default%20key%20policy%20allows,encrypt%2Fdecrypt%20using%20the%20CMK
upvoted 1 times
...