A company's serverless website utilizes an unencrypted Amazon S3 bucket as the origin for a CloudFront distribution. The solutions architect must implement encryption for existing and future S3 objects with minimal effort. What is the most efficient approach?

Exam-Like

Migrate to a new S3 bucket with default encryption, then transfer objects.

12.5%

Apply default encryption to the current S3 bucket, identify unencrypted objects with Inventory, and encrypt them using Batch Operations.

62.5%

Use AWS KMS to create an encryption key, enable server-side encryption with KMS keys on the S3 bucket, and enable versioning.

25.0%

Manually encrypt each unencrypted S3 object through the AWS Management Console.

0.0%

AWS Certified Solutions Architect - Associate