
Answer-first summary for fast verification
Answer: Create a new S3 bucket with server-side encryption using Amazon S3 managed keys (SSE-S3), and utilize S3 Batch Operations to copy the existing objects to this new bucket, specifying SSE-S3.
The correct answer is B. Switching the encryption method from AWS KMS keys (SSE-KMS) to Amazon S3 managed keys (SSE-S3) can significantly reduce costs. SSE-S3 handles encryption and decryption within S3 without additional charges per API request, unlike AWS KMS, which incurs costs per request. This solution provides an efficient way to reduce costs with minimal operational overhead.
Author: LeetQuiz Editorial Team
A company stores millions of objects in an Amazon S3 bucket using the S3 Standard storage class. These objects are accessed frequently by an increasing number of users and applications. Currently, the objects are encrypted using server-side encryption with AWS KMS keys (SSE-KMS). Upon reviewing the monthly AWS invoice, a solutions architect identifies a rise in AWS KMS costs due to the high volume of requests from Amazon S3. To optimize costs with minimal changes to the application, which solution offers the least operational overhead?
A
Create a new S3 bucket with server-side encryption using customer-provided keys (SSE-C), then copy the existing objects to this new bucket while specifying SSE-C.
B
Create a new S3 bucket with server-side encryption using Amazon S3 managed keys (SSE-S3), and utilize S3 Batch Operations to copy the existing objects to this new bucket, specifying SSE-S3.
C
Utilize AWS CloudHSM to store the encryption keys, create a new S3 bucket, and use S3 Batch Operations to copy the existing objects to this new bucket, encrypting the objects with keys from CloudHSM.
D
Implement the S3 Intelligent-Tiering storage class for the S3 bucket and create an S3 Intelligent-Tiering archive configuration to transition objects not accessed for 90 days to S3 Glacier Deep Archive.