A developer is maintaining an application that leverages an Amazon S3 bucket for data storage. This application interacts with the bucket through an HTTP API to perform operations such as storing and retrieving objects. It is crucial that whenever the PutObject API operation is invoked to add objects to the S3 bucket, the objects must be encrypted at rest using server-side encryption with Amazon S3-managed keys (SSE-S3).

Which strategy will ensure that any upload request that does not comply with the required encryption is automatically rejected and not processed?

Exam-Like

Invoke the PutObject API operation and set the x-amz-server-side-encryption header as sse:s3. Use an S3 bucket policy to deny permission to upload an object unless the request has this header

20.8%

nvoke the PutObject API operation and set the x-amz-server-side-encryption header as aws:kms. Use an S3 bucket policy to deny permission to upload an object unless the request has this header

14.6%

Invoke the PutObject API operation and set the x-amz-server-side-encryption header as AES256. Use an S3 bucket policy to deny permission to upload an object unless the request has this header

45.8%

Set the encryption key for SSE-S3 in the HTTP header of every request. Use an S3 bucket policy to deny permission to upload an object unless the request has this header

18.8%

AWS Certified Developer - Associate

Comments

Get started today