, which of the below mentioned statements is true?

By:
In: SOA-C01
Tagged:
With: 1 Comment
A user has enabled versioning on an S3 bucket.The user is using server side encryption for data at Rest.If the user is supplying his own keys for encryption(SSE-C.

, which of the below mentioned statements is true?

The user should use the same encryption key for all versions of the same object

It is possible to have different encryption keys for different versions of the same object

AWS S3 does not allow the user to upload his own keys for server side encryption

The SSE-C does not work when versioning is enabled

Explanations:

When using SSE-C, the user can use different encryption keys for different versions of the same object. There is no requirement to use the same encryption key for different versions.

SSE-C allows using different encryption keys for different versions of the same object. Each version of the object can be encrypted with a different key.

AWS S3 allows the user to upload their own encryption keys (SSE-C). It does not require AWS-managed keys (SSE-S3) or KMS keys (SSE-KMS).

SSE-C works with versioning enabled. It does not have a limitation with versioned objects in S3, and the user can upload multiple versions of the object encrypted with their own keys.

2025-09-28

1 Comment

  1. Martha
    Author

    If memory serves me right, the answer is:
    It is possible to have different encryption keys for different versions of the same object

Leave a Reply

Your email address will not be published. Required fields are marked *

9 − 2 =