Which type of keys should the developer use to meet these requirements?

By:
In: DVA-C02
Tagged:
With: 1 Comment
A developer is planning to migrate on-premises company data to Amazon S3.The data must be encrypted, and the encryption keys must support automatic annual rotation.The company must use AWS Key Management Service (AWS KMS) to encrypt the data.

Which type of keys should the developer use to meet these requirements?

Amazon S3 managed keys

Symmetric customer managed keys with key material that is generated by AWS

Asymmetric customer managed keys with key material that is generated by AWS

Symmetric customer managed keys with imported key material

Explanations:

Amazon S3 managed keys (SSE-S3) are managed by AWS and do not allow for automatic annual key rotation by the user. They do not provide control over the keys as required by the scenario.

Symmetric customer managed keys with key material generated by AWS support automatic annual rotation. They allow the company to manage their encryption keys using AWS KMS, meeting the requirement for encrypted data with automatic key rotation.

Asymmetric customer managed keys are not suitable for encrypting data in S3 since S3 requires symmetric keys for encryption. Additionally, AWS KMS does not support automatic rotation for asymmetric keys.

Symmetric customer managed keys with imported key material do not support automatic rotation, as the imported key material must be managed manually. This does not meet the requirement for automatic annual rotation of keys.

2025-10-11

1 Comment

  1. Caleb
    Author

    I scheme that the answer is:
    Symmetric customer managed keys with key material that is generated by AWS

Leave a Reply

Your email address will not be published. Required fields are marked *

one × 4 =