Explanation:
To ensure that all objects uploaded to an Amazon S3 bucket are encrypted, the bucket policy should be configured to deny any PutObject requests that do not include the x-amz-server-side-encryption header. This header signals that server-side encryption is applied to the object. Option D is the correct answer because it enforces this policy at the bucket level, ensuring that all uploads are encrypted.
Ultimate access to all questions.
No comments yet.
How can a solutions architect enforce encryption for all objects uploaded to an Amazon S3 bucket?
A
By updating the bucket policy to reject PutObject requests missing an s3:x-amz-acl header.
B
By updating the bucket policy to reject PutObject requests with an s3:x-amz-acl header not set to private.
C
By updating the bucket policy to reject PutObject requests missing an aws:SecureTransport header set to true.
D
By updating the bucket policy to reject PutObject requests missing an x-amz-server-side-encryption header.