Which solution will meet this requirement?

By:
In: DVA-C01
Tagged:
With: 1 Comment
A company has an application that generates large binary data outside of AWS.The company must encrypt the data before uploading the data to an Amazon S3 bucket.

Which solution will meet this requirement?

Use the AWS Key Management Service (AWS KMS) encrypt command in the AWS CLI.

Configure server-side encryption on the S3 bucket.

Use the AWS Encryption SDK to perform client-side encryption of the data.

Specify the x-amz-server-side-encryption header when uploading the data to the S3 bucket.

Explanations:

Theaws kms encryptcommand is used to encrypt data, but it is intended for client-side encryption before uploading to S3. This option does not directly apply to the upload process.

Configuring server-side encryption on the S3 bucket will encrypt the data after it is uploaded. The requirement is to encrypt the data before uploading it, so this doesn’t meet the need.

The AWS Encryption SDK provides client-side encryption. The company can use it to encrypt the data before uploading it to S3, which matches the requirement.

Thex-amz-server-side-encryptionheader is used to specify server-side encryption during the upload process. It does not fulfill the requirement of encrypting data before upload.

2025-10-04

1 Comment

  1. Anthony
    Author

    It appears that the answer is:
    Use the AWS Encryption SDK to perform client-side encryption of the data.

Leave a Reply

Your email address will not be published. Required fields are marked *

18 − six =