Getting Started with Storage: Amazon S3 Encryption to Protect Data in Transit and at Rest

Learn about the types of data Amazon S3 encrypts to keep your information secure. S3 offers encryption for data in transit and data at rest. Ensure the privacy and integrity of your stored data with S3’s robust encryption options.

Question

Which types of data does Amazon S3 offer encryption for? (Select TWO.)

A. Data at the edge
B. Data from endpoints
C. Data in transit
D. Data at rest
E. Data in archive

Answer

C. Data in transit
D. Data at rest

Explanation

Amazon S3 offers encryption for data in transit and data at rest. Data in transit can be protected with client-side encryption, and data at rest can be protected with either client-side encryption or server-side encryption.

Data in transit refers to data that is being transmitted over a network, such as when uploading objects to S3 or retrieving objects from S3. S3 automatically encrypts data in transit using HTTPS (TLS) to protect it from unauthorized access or tampering while it is being transmitted.

Data at rest refers to data that is stored on disks in S3 facilities. S3 provides multiple options for encrypting data at rest:

  • Server-side encryption with S3-managed keys (SSE-S3): S3 automatically encrypts each object with a unique key, which is itself encrypted with a master key that S3 regularly rotates.
  • Server-side encryption with customer-provided keys (SSE-C): The customer manages the encryption keys and S3 manages the encryption, using the customer-provided key to encrypt the object.
  • Server-side encryption with customer-managed keys stored in AWS Key Management Service (SSE-KMS): Similar to SSE-S3, but with the master key stored in KMS, giving the customer greater control over key management.
  • Client-side encryption: Data is encrypted by the client before sending to S3. The customer fully manages the keys and encryption process.

In summary, the two types of data S3 encrypts are data being transferred over the network (data in transit) and data stored on disks (data at rest). The other options – data at the edge, data from endpoints, and data in archive – are not types of data for which S3 provides encryption.

This question, answer and explanation are from the Getting Started with Storage (EDSTORv1EN-US) assessment.