What is the LEAST amount of information that the developer must provide in the API call to meet this requirement?

By: study aws cloud

On: January 8, 2025

Tagged: Developer Associate

With: 0 Comments

A developer uses server-side encryption with Amazon S3 managed encryption keys (SSE-S3) to store data in Amazon S3.The developer needs to decrypt and download the encrypted objects by using the GetObject API call.

What is the LEAST amount of information that the developer must provide in the API call to meet this requirement?

The S3 object key only

The S3 object key and the encryption key

The S3 object key and the Amazon Resource Name (ARN) of the AWS Key Management Service (AWS KMS) key

The S3 object key and a randomly salted Hash-based Message Authentication Code (HMAC) value of the encryption key

Explanations:

SSE-S3 uses Amazon S3 managed keys, so only the S3 object key is needed to decrypt the object. S3 handles the decryption automatically.

SSE-S3 does not require the encryption key to be provided by the developer, as S3 handles encryption and decryption automatically.

This option is relevant for SSE-KMS (AWS Key Management Service), not SSE-S3. SSE-S3 does not require the KMS key ARN.

SSE-S3 does not use HMAC or require any manual handling of encryption keys. Decryption is automatically managed by S3.

Previous Post: Which AWS service should the company use to meet this requirement?

Next Post: Which solution will meet these requirements?

Leave a Reply Cancel reply