A company is making extensive use of S3
They have a strict security policy and require that all artifacts are stored securely in S3
When specified in an API call, which of the following request headers will cause an object to be SSE?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C.
Server-side encryption is about protecting data at rest.
Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) employs strong multi-factor encryption.
Amazon S3 encrypts each object with a unique key.
As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates.
Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
The object creation REST APIs (see Specifying Server-Side Encryption Using the REST API) provides a request header, x-amz-server-side-encryption that you can use to request server-side encryption.
To encrypt an object at the time of upload, you need to add a header called x-amz-server-side-encryption to the request to tell S3 to encrypt the object using SSE-C, SSE-S3, or SSE-KMS.
The following code example shows a Put request using SSE-S3.
PUT /example-object HTTP/1.1
Host: myBucket.s3.amazonaws.com.
Date: Wed, 8 Jun 2016 17:50:00 GMT.
Authorization: authorization string.
Content-Type: text/plain.
Content-Length: 11434
x-amz-meta-author: Janet.
Expect: 100-continue.
x-amz-server-side-encryption: AES256
[11434 bytes of object data]
In order to enforce object encryption, create an S3 bucket policy that denies any S3 Put request that does not include the x-amz-server-side-encryption header.
There are two possible values for the x-amz-server-side-encryption header: AES256, which tells S3 to use S3-managed keys, and aws:kms, which tells S3 to use AWS KMS-managed keys.
For more information on S3 encryption, please visit the links.
http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/The correct answer is C. x-amz-server-side-encryption.
Amazon S3 provides various methods to encrypt objects at rest. Server-side encryption (SSE) is one such method that encrypts S3 objects with encryption keys managed by AWS. SSE encrypts objects before storing them in S3 and decrypts objects when you download them.
When you upload an object to S3, you can specify that the object should be encrypted using SSE by adding a request header in the API call. The header to use is x-amz-server-side-encryption
.
Option A, AES256
, is a valid encryption algorithm that you can use with SSE, but it is not a header. When you want to use this algorithm, you specify it as the value for the x-amz-server-side-encryption
header.
Option B, amz-server-side-encryption
, is not a valid header for SSE. It should be x-amz-server-side-encryption
.
Option D, server-side-encryption
, is not a valid header for SSE. It should be x-amz-server-side-encryption
.
To summarize, when you want to encrypt an object with SSE in S3, you should use the x-amz-server-side-encryption
header in the API call and specify the appropriate encryption algorithm as the header value.