Your company currently stores its objects in S3.The current request rate is around 11000 GET requests per second.
There is now a mandate for objects to be encrypted at rest.
So you enable encryption using KMS.
There are now performance issues being encountered.
What could be the main reason behind this?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C.
This is also mentioned in the AWS Documentation.
You can make API requests directly or by using an integrated AWS service that makes API requests to AWS KMS on your behalf.
The limit applies to both kinds of requests.
Option A is incorrect because S3 will not throttle requests just because encryption is enabled.
For example, you might store data in Amazon S3 using server-side encryption with AWS KMS (SSE-KMS)
Each time you upload or download an S3 object that's encrypted with SSE-KMS, Amazon S3 makes a
GenerateDataKey.
(for uploads) or
Decrypt.
(for downloads) request to AWS KMS on your behalf.
These requests count toward your limit, so AWS KMS throttles the requests if you exceed a combined total of 5500 (or 10,000) uploads or downloads per second of S3 objects encrypted with SSE-KMS.
Options B and D are incorrect because these will not help increase performance.
For more information on KMS limits improvement, please refer to the below URL-
https://docs.aws.amazon.com/kms/latest/developerguide/limits.htmlThe most likely reason for the performance issues after enabling encryption using KMS in S3 is option C: You are now exceeding the throttle limits for KMS API calls.
KMS is a service in AWS that provides encryption key management, and it's used by many other services in AWS to encrypt data at rest. When you enable encryption on an S3 bucket, S3 uses KMS to encrypt the data. When a user requests an object from the bucket, S3 contacts KMS to decrypt the object before returning it to the user.
KMS has a throttle limit on the number of API requests it can handle per second. By default, this limit is set to 10 requests per second. When you exceed this limit, KMS throttles the requests and returns a 429 Too Many Requests error. This can cause a significant slowdown in the performance of your S3 bucket, especially if you're receiving a large number of requests.
Option A, Amazon S3 will now throttle the requests since they are now being encrypted using KMS, is not entirely correct. While it's true that enabling encryption using KMS can cause some additional overhead, S3 does not throttle requests specifically because they are being encrypted using KMS. S3 will throttle requests if they exceed the S3 request rate limit for the bucket, but this is a separate issue from KMS throttling.
Option B, You need to also enable versioning to ensure optimal performance, is not correct. Enabling versioning on an S3 bucket does not have any direct impact on the performance of the bucket, whether encryption is enabled or not.
Option D, You need to also enable CORS to ensure optimal performance, is also not correct. CORS (Cross-Origin Resource Sharing) is a mechanism that allows web pages to request resources from a different domain, and it's used to enable web applications that are hosted on one domain to access resources hosted on another domain. It's not directly related to the performance of S3, and enabling CORS on an S3 bucket will not affect the performance of the bucket in any way.