What is the LEAST amount of information that the developer must provide in the API call to meet this requirement?

By:
In: DVA-C01
Tagged:
With: 1 Comment
A developer uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3) to store data in Amazon S3.The developer needs to decrypt and download the encrypted objects by using the GetObject API call.

What is the LEAST amount of information that the developer must provide in the API call to meet this requirement?

The S3 object key only

The S3 object key and the encryption key

The S3 object key and the Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) key

The S3 object key and a randomly salted Hash-based Message Authentication Code (HMAC) value of the encryption key

Explanations:

SSE-S3 uses Amazon S3 managed keys, so only the S3 object key is needed to decrypt the object. S3 handles the decryption automatically.

SSE-S3 does not require the encryption key to be provided by the developer, as S3 handles encryption and decryption automatically.

This option is relevant for SSE-KMS (AWS Key Management Service), not SSE-S3. SSE-S3 does not require the KMS key ARN.

SSE-S3 does not use HMAC or require any manual handling of encryption keys. Decryption is automatically managed by S3.

2025-10-12

1 Comment

  1. Douglas
    Author

    I compute that the answer is:
    The S3 object key only

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × 3 =