A company stores millions of objects in an Amazon S3 bucket using the S3 Standard storage class. These objects are accessed frequently by an increasing number of users and applications. Currently, the objects are encrypted using server-side encryption with AWS KMS keys (SSE-KMS). Upon reviewing the monthly AWS invoice, a solutions architect identifies a rise in AWS KMS costs due to the high volume of requests from Amazon S3. To optimize costs with minimal changes to the application, which solution offers the least operational overhead?

Exam-Like

Create a new S3 bucket with server-side encryption using customer-provided keys (SSE-C), then copy the existing objects to this new bucket while specifying SSE-C.

0.0%

Create a new S3 bucket with server-side encryption using Amazon S3 managed keys (SSE-S3), and utilize S3 Batch Operations to copy the existing objects to this new bucket, specifying SSE-S3.

66.7%

Utilize AWS CloudHSM to store the encryption keys, create a new S3 bucket, and use S3 Batch Operations to copy the existing objects to this new bucket, encrypting the objects with keys from CloudHSM.

33.3%

Implement the S3 Intelligent-Tiering storage class for the S3 bucket and create an S3 Intelligent-Tiering archive configuration to transition objects not accessed for 90 days to S3 Glacier Deep Archive.

0.0%

AWS Certified Solutions Architect - Professional

Comments

Get started today