
A company stores important documents in Amazon S3 buckets and has identified that some buckets lack encryption. The company mandates that all S3 buckets, both existing and newly created, must be encrypted with server-side encryption using the 256-bit Advanced Encryption Standard (AES-256). What solution should a DevOps engineer implement to enforce this encryption requirement across all S3 buckets?
A. Develop an AWS Lambda function triggered periodically by an Amazon EventBridge scheduled rule to assess the encryption status of all S3 buckets and apply AES-256 encryption to those without an encryption configuration.
B. Configure the s3-bucket-server-side-encryption-enabled AWS Config managed rule to utilize the AWS-EnableS3BucketEncryption AWS Systems Manager Automation runbook for remediation, and manually initiate a re-evaluation to confirm compliance of existing S3 buckets.
C. Deploy an AWS Lambda function triggered by an Amazon EventBridge event rule that detects new S3 bucket creations, parsing the event to verify the bucket's configuration and applying AES-256 encryption if not already configured.
D. Establish an IAM policy that prohibits the s3:CreateBucket action unless the s3:x-amz-server-side-encryption condition key specifies AES-256, and assign this policy to an IAM group encompassing all company IAM users.