Answer-first summary for fast verification
Answer: By updating the bucket policy to reject PutObject requests missing an x-amz-server-side-encryption header.
To ensure that all objects uploaded to an Amazon S3 bucket are encrypted, the bucket policy should be configured to deny any PutObject requests that do not include the x-amz-server-side-encryption header. This header signals that server-side encryption is applied to the object. Option D is the correct answer because it enforces this policy at the bucket level, ensuring that all uploads are encrypted.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can a solutions architect enforce encryption for all objects uploaded to an Amazon S3 bucket?
A
By updating the bucket policy to reject PutObject requests missing an s3:x-amz-acl header.
B
By updating the bucket policy to reject PutObject requests with an s3:x-amz-acl header not set to private.
C
By updating the bucket policy to reject PutObject requests missing an aws:SecureTransport header set to true.
D
By updating the bucket policy to reject PutObject requests missing an x-amz-server-side-encryption header.
No comments yet.