Home / Amazon / SAA-C02 / Question 52

A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys.What should a solutions architect use to accomplish this?

• A. Server-Side Encryption with keys stored in an S3 bucket

• B. Server-Side Encryption with Customer-Provided Keys (SSE-C)

• C. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

• D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

AWS KMS is a managed service that enables you to easily create and control the keys used for cryptographic operations. The service provides a highly available key generation, storage, management, and auditing solution for you to encrypt or digitally sign data within your own applications or control the encryption of data across AWS services.

AWS Key Management Service FAQs